CVE-NVD/nvdcve-1.1-modified.json

{
  "CVE_data_type" : "CVE",
  "CVE_data_format" : "MITRE",
  "CVE_data_version" : "4.0",
  "CVE_data_numberOfCVEs" : "885",
  "CVE_data_timestamp" : "2021-05-10T12:00Z",
  "CVE_Items" : [ {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28664",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
          "name" : "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://developer.arm.com/support/arm-security-updates",
          "name" : "https://developer.arm.com/support/arm-security-updates",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28663",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
          "name" : "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://developer.arm.com/support/arm-security-updates",
          "name" : "https://developer.arm.com/support/arm-security-updates",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23016",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K75540265",
          "name" : "https://support.f5.com/csp/article/K75540265",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23015",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K74151369",
          "name" : "https://support.f5.com/csp/article/K74151369",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23014",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K23203045",
          "name" : "https://support.f5.com/csp/article/K23203045",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23012",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K04234247",
          "name" : "https://support.f5.com/csp/article/K04234247",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either \"Resource Administrator\" or \"Administrator\" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23010",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K18570111",
          "name" : "https://support.f5.com/csp/article/K18570111",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ASM bd process may produce a core file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23009",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K90603426",
          "name" : "https://support.f5.com/csp/article/K90603426",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T15:15Z",
    "lastModifiedDate" : "2021-05-10T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32056",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released",
          "name" : "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html",
          "name" : "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html",
          "name" : "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released",
          "name" : "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T14:15Z",
    "lastModifiedDate" : "2021-05-10T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23013",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K04234247",
          "name" : "https://support.f5.com/csp/article/K04234247",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T14:15Z",
    "lastModifiedDate" : "2021-05-10T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23011",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K10751325",
          "name" : "https://support.f5.com/csp/article/K10751325",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T14:15Z",
    "lastModifiedDate" : "2021-05-10T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23008",
        "ASSIGNER" : "f5sirt@f5.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.f5.com/csp/article/K51213246",
          "name" : "https://support.f5.com/csp/article/K51213246",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T14:15Z",
    "lastModifiedDate" : "2021-05-10T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26583",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04129en_us",
          "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04129en_us",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Potential security vulnerabilities have been identified in HPE iLO Amplifier Pack using bootstrap framework. The vulnerabilities could be remotely exploited to allow remote code execution and cross site scripting (XSS). HPE has released a software update to resolve the vulnerabilities in the HPE iLO Amplifier Pack."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T13:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25645",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.couchbase.com/resources/security#SecurityAlerts",
          "name" : "https://www.couchbase.com/resources/security#SecurityAlerts",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.couchbase.com/downloads",
          "name" : "https://www.couchbase.com/downloads",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T13:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22672",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-524/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-524/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T13:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22809",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/48306",
          "name" : "https://www.exploit-db.com/exploits/48306",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T13:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24011",
        "ASSIGNER" : "psirt@fortinet.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://fortiguard.com/advisory/FG-IR-20-038",
          "name" : "https://fortiguard.com/advisory/FG-IR-20-038",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T12:15Z",
    "lastModifiedDate" : "2021-05-10T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31520",
        "ASSIGNER" : "security@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-525/",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ ]
        }, {
          "url" : "https://success.trendmicro.com/solution/000286439",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T11:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25849",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.moxa.com/en/",
          "name" : "https://www.moxa.com/en/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "name" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T11:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25848",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.moxa.com/en/",
          "name" : "https://www.moxa.com/en/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "name" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T11:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25847",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.moxa.com/en/",
          "name" : "https://www.moxa.com/en/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "name" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T11:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25846",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.moxa.com/en/",
          "name" : "https://www.moxa.com/en/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "name" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T11:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25845",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.moxa.com/en/",
          "name" : "https://www.moxa.com/en/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "name" : "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T11:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20717",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/en/jp/JVN97554111/index.html",
          "name" : "https://jvn.jp/en/jp/JVN97554111/index.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.ec-cube.net/news/detail.php?news_id=384",
          "name" : "https://www.ec-cube.net/news/detail.php?news_id=384",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.ec-cube.net/news/detail.php?news_id=383",
          "name" : "https://www.ec-cube.net/news/detail.php?news_id=383",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T10:15Z",
    "lastModifiedDate" : "2021-05-10T10:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3003",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://fibonhack.github.io/2021/desktop-telematico-mitm-to-rce",
          "name" : "https://fibonhack.github.io/2021/desktop-telematico-mitm-to-rce",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://telematici.agenziaentrate.gov.it/Main/Desktop.jsp",
          "name" : "https://telematici.agenziaentrate.gov.it/Main/Desktop.jsp",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T06:15Z",
    "lastModifiedDate" : "2021-05-10T06:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32471",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/intrinsic-propensity/turing-machine",
          "name" : "https://github.com/intrinsic-propensity/turing-machine",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://arxiv.org/abs/2105.02124",
          "name" : "https://arxiv.org/abs/2105.02124",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states \"this vulnerability has no real-world implications.\""
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T05:15Z",
    "lastModifiedDate" : "2021-05-10T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26077",
        "ASSIGNER" : "security@atlassian.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://confluence.atlassian.com/pages/viewpage.action?pageId=1063555147",
          "name" : "https://confluence.atlassian.com/pages/viewpage.action?pageId=1063555147",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072",
          "name" : "https://community.developer.atlassian.com/t/action-required-atlassian-connect-vulnerability-allows-bypass-of-app-qsh-verification-via-context-jwts/47072",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-10T00:15Z",
    "lastModifiedDate" : "2021-05-10T00:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31758",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_2",
          "name" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_2",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:tenda:ac11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "02.03.01.104_cn:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:tenda:ac11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-07T23:15Z",
    "lastModifiedDate" : "2021-05-10T14:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31757",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_4",
          "name" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_4",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:tenda:ac11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "02.03.01.104_cn:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:tenda:ac11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-07T23:15Z",
    "lastModifiedDate" : "2021-05-10T14:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31756",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_1",
          "name" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_1",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:tenda:ac11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "02.03.01.104_cn:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:tenda:ac11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-07T23:15Z",
    "lastModifiedDate" : "2021-05-10T14:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31755",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3",
          "name" : "https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:tenda:ac11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "02.03.01.104_cn:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:tenda:ac11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-07T23:15Z",
    "lastModifiedDate" : "2021-05-10T14:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31472",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-529/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-529/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13011."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31471",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-528/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-528/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12955."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31470",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-527/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-527/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31469",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-526/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-526/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12936."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31468",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-557/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-557/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D files embedded in PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13620."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31467",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-556/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-556/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D files embedded in PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13621."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31466",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-555/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-555/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13583."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31465",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-554/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-554/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13582."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31464",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-553/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-553/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13574."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31463",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-552/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-552/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13573."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31462",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-551/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-551/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13572."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31461",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-550/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-550/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31460",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-549/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-549/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13096."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "9.7.5.29616:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "10.0.0.0:",
            "versionEndIncluding" : "10.1.37598:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "10.1.3.37598:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-10T15:23Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31459",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-548/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-548/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13162."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "9.7.5.29616:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "10.0.0.0:",
            "versionEndIncluding" : "10.1.3.37598:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "10.1.3.37598:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-10T15:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31458",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-547/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-547/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13150."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "9.7.5.29616:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "10.0.0.0:",
            "versionEndIncluding" : "10.1.37598:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "10.1.3.37598:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-10T15:53Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31457",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-546/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-546/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13147."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31456",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-545/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-545/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13102."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31455",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-544/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-544/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13100."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31454",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-543/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-543/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Decimal element. A crafted leadDigits value in a Decimal element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-13095."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31453",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-542/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-542/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13092."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31452",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-541/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-541/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13091."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31451",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-540/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-540/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13089."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31450",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-539/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-539/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13084."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31449",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-415"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-538/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-538/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13280."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31448",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-537/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-537/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13273."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31447",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-536/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-536/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13269."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31446",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-535/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-535/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13245."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31445",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-534/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-534/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13244."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31444",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-533/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-533/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13241."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31443",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-532/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-532/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13240."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31442",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-531/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-531/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13239."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31441",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-530/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-530/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13101."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29499",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg",
          "name" : "https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure the `ID` field is generated using a version of `github.com/satori/go.uuid` that is not vulnerable to this issue."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T21:15Z",
    "lastModifiedDate" : "2021-05-07T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32470",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3613---2021-05-04",
          "name" : "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3613---2021-05-04",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6",
          "name" : "https://github.com/craftcms/cms/commit/f9378aa154b5f9b64bed3d59cce0c4a8184bf5e6",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Craft CMS before 3.6.13 has an XSS vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27574",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://axelp.io/MouseTrap",
          "name" : "https://axelp.io/MouseTrap",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://remotemouse.net/blog/",
          "name" : "https://remotemouse.net/blog/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27573",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://axelp.io/MouseTrap",
          "name" : "https://axelp.io/MouseTrap",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://remotemouse.net/blog/",
          "name" : "https://remotemouse.net/blog/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27572",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://axelp.io/MouseTrap",
          "name" : "https://axelp.io/MouseTrap",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://remotemouse.net/blog/",
          "name" : "https://remotemouse.net/blog/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27571",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://axelp.io/MouseTrap",
          "name" : "https://axelp.io/MouseTrap",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://remotemouse.net/blog/",
          "name" : "https://remotemouse.net/blog/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27570",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://axelp.io/MouseTrap",
          "name" : "https://axelp.io/MouseTrap",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://remotemouse.net/blog/",
          "name" : "https://remotemouse.net/blog/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27569",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://axelp.io/MouseTrap",
          "name" : "https://axelp.io/MouseTrap",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://remotemouse.net/blog/",
          "name" : "https://remotemouse.net/blog/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T19:31Z",
    "lastModifiedDate" : "2021-05-07T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29495",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr",
          "name" : "https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set \"verifyMode = CVerifyPeer\" as documented."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22677",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T16:15Z",
    "lastModifiedDate" : "2021-05-07T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4901",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6450435",
          "name" : "https://www.ibm.com/support/pages/node/6450435",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190992",
          "name" : "ibm-rpa-cve20204901-info-disc (190992)",
          "refsource" : "XF",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32259",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T15:15Z",
    "lastModifiedDate" : "2021-05-07T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29488",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-23"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp",
          "name" : "https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T15:15Z",
    "lastModifiedDate" : "2021-05-07T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27437",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T15:15Z",
    "lastModifiedDate" : "2021-05-07T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21419",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2",
          "name" : "https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T15:15Z",
    "lastModifiedDate" : "2021-05-07T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22673",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T14:15Z",
    "lastModifiedDate" : "2021-05-07T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22671",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T14:15Z",
    "lastModifiedDate" : "2021-05-07T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22679",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T13:15Z",
    "lastModifiedDate" : "2021-05-07T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22675",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-01",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T13:15Z",
    "lastModifiedDate" : "2021-05-07T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3502",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          }, {
            "lang" : "en",
            "value" : "CWE-617"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/lathiat/avahi/issues/338",
          "name" : "https://github.com/lathiat/avahi/issues/338",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1946914",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1946914",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T12:15Z",
    "lastModifiedDate" : "2021-05-07T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26123",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.xist4c.com",
          "name" : "https://www.xist4c.com",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.dgc.org/responsible_disclosure_20210421_livinglogic_xss",
          "name" : "https://www.dgc.org/responsible_disclosure_20210421_livinglogic_xss",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T12:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26122",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.xist4c.com",
          "name" : "https://www.xist4c.com",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.dgc.org/responsible_disclosure_20210421_livinglogic_xss",
          "name" : "https://www.dgc.org/responsible_disclosure_20210421_livinglogic_xss",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T12:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21984",
        "ASSIGNER" : "security@vmware.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.vmware.com/security/advisories/VMSA-2021-0007.html",
          "name" : "https://www.vmware.com/security/advisories/VMSA-2021-0007.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T12:15Z",
    "lastModifiedDate" : "2021-05-07T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-14009",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0006",
          "name" : "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0006",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.proofpoint.com/us/security/security-advisories",
          "name" : "https://www.proofpoint.com/us/security/security-advisories",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T12:15Z",
    "lastModifiedDate" : "2021-05-07T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36128",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://marketing.paxtechnology.com/about-pax",
          "name" : "https://marketing.paxtechnology.com/about-pax",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.whatspos.com/",
          "name" : "https://www.whatspos.com/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "name" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its reseller. By intercepting HTTPS traffic from the application store, it is possible to collect the request responsible for assigning the X-Terminal-Token to the terminal, which makes it possible to craft an X-Terminal-Token pretending to be another device. An attacker can use this behavior to authenticate its own payment terminal in the application store through token impersonation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T11:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36127",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://marketing.paxtechnology.com/about-pax",
          "name" : "https://marketing.paxtechnology.com/about-pax",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.whatspos.com/",
          "name" : "https://www.whatspos.com/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "name" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the option to replace the current certificate and it is not possible to view the certificate password (p12) already deployed on the platform. The replacement p12 certificate returns to users in base64 with its password, which can be accessed by non-administrator users."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T11:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36126",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://marketing.paxtechnology.com/about-pax",
          "name" : "https://marketing.paxtechnology.com/about-pax",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.whatspos.com/",
          "name" : "https://www.whatspos.com/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "name" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment terminals, where an attacker can impersonate any user which may lead to the unauthorized disclosure, modification, or destruction of information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T11:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36125",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://marketing.paxtechnology.com/about-pax",
          "name" : "https://marketing.paxtechnology.com/about-pax",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.whatspos.com/",
          "name" : "https://www.whatspos.com/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "name" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T11:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36124",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://marketing.paxtechnology.com/about-pax",
          "name" : "https://marketing.paxtechnology.com/about-pax",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.whatspos.com/",
          "name" : "https://www.whatspos.com/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "name" : "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user (clients and administrators)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T11:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30173",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-36"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4712-7ade4-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4712-7ade4-1.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      }
    },
    "publishedDate" : "2021-05-07T10:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30172",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4711-04469-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4711-04469-1.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Special characters of picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out Reflected XSS (Cross-site scripting) attacks, additionally access and manipulate customer’s information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.6,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.1,
        "impactScore" : 2.5
      }
    },
    "publishedDate" : "2021-05-07T10:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30171",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4707-9c87e-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4707-9c87e-1.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Special characters of ERP POS news page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.6,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.1,
        "impactScore" : 2.5
      }
    },
    "publishedDate" : "2021-05-07T10:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30170",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4707-9c87e-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4707-9c87e-1.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Special characters of ERP POS customer profile page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.6,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.1,
        "impactScore" : 2.5
      }
    },
    "publishedDate" : "2021-05-07T10:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1927",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1925",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1915",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1910",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1906",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1905",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1895",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1891",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11295",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11294",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11293",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11289",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11288",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11285",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11284",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11279",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11274",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11273",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11268",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11254",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T09:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-29445",
        "ASSIGNER" : "security@atlassian.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jira.atlassian.com/browse/CONFSERVER-61453",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Affected versions of Confluence Server before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T06:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-29444",
        "ASSIGNER" : "security@atlassian.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jira.atlassian.com/browse/CONFSERVER-61266",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T06:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32093",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "name" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "name" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T05:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32092",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "name" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "name" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T05:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32091",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances",
          "name" : "https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.sonarsource.com/hack-the-stack-with-localstack",
          "name" : "https://blog.sonarsource.com/hack-the-stack-with-localstack",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T05:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32090",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances",
          "name" : "https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.sonarsource.com/hack-the-stack-with-localstack",
          "name" : "https://blog.sonarsource.com/hack-the-stack-with-localstack",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T05:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32074",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/hashicorp/vault-action/pull/208",
          "name" : "https://github.com/hashicorp/vault-action/pull/208",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/hashicorp/vault-action/issues/205",
          "name" : "https://github.com/hashicorp/vault-action/issues/205",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/hashicorp/vault-action/blob/master/CHANGELOG.md",
          "name" : "https://github.com/hashicorp/vault-action/blob/master/CHANGELOG.md",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://discuss.hashicorp.com/t/hcsec-2021-13-vault-github-action-did-not-correctly-mask-multi-line-secrets-in-output/24128",
          "name" : "https://discuss.hashicorp.com/t/hcsec-2021-13-vault-github-action-did-not-correctly-mask-multi-line-secrets-in-output/24128",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T05:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32104",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "name" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "name" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "name" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches",
          "name" : "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "name" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32103",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "name" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "name" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "name" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "name" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32102",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "name" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "name" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "name" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches",
          "name" : "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "name" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32101",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "name" : "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "name" : "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "name" : "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "name" : "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32100",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
          "name" : "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
          "name" : "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
          "name" : "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32099",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
          "name" : "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
          "name" : "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
          "name" : "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32098",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
          "name" : "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
          "name" : "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
          "name" : "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32096",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "name" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "name" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32095",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "name" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "name" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32094",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "name" : "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "name" : "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-07T04:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32077",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers",
          "name" : "https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.veritystream.com/legacy/msow-solutions",
          "name" : "https://www.veritystream.com/legacy/msow-solutions",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T23:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23264",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/forkcms/forkcms/pull/3123",
          "name" : "https://github.com/forkcms/forkcms/pull/3123",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T22:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23263",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/forkcms/forkcms/pull/3093",
          "name" : "https://github.com/forkcms/forkcms/pull/3093",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the \"navigation_title\" parameter and the \"title\" parameter in /private/en/pages/add."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T22:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31737",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/emlog/emlog/issues/82",
          "name" : "https://github.com/emlog/emlog/issues/82",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T21:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29203",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.tenable.com/security/research/tra-2021-15",
          "name" : "https://www.tenable.com/security/research/tra-2021-15",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us",
          "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T21:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27941",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/salgio/eWeLink-QR-Code",
          "name" : "https://github.com/salgio/eWeLink-QR-Code",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
          "name" : "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US",
          "name" : "https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T21:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29493",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-94"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473",
          "name" : "https://github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T20:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28665",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://advisories.stormshield.eu/",
          "name" : "https://advisories.stormshield.eu/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://advisories-admin.stormshield.eu/2021-014",
          "name" : "https://advisories-admin.stormshield.eu/2021-014",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T20:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28198",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
          "name" : "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
          "name" : "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T20:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31828",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/opendistro-for-elasticsearch/alerting/pull/353",
          "name" : "https://github.com/opendistro-for-elasticsearch/alerting/pull/353",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://opendistro.github.io/for-elasticsearch-docs/version-history/",
          "name" : "https://opendistro.github.io/for-elasticsearch-docs/version-history/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T19:15Z",
    "lastModifiedDate" : "2021-05-07T09:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18890",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/choregus/puppyCMS/issues/14",
          "name" : "https://github.com/choregus/puppyCMS/issues/14",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T18:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18888",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/choregus/puppyCMS/issues/15",
          "name" : "https://github.com/choregus/puppyCMS/issues/15",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T18:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31918",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1954250",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1954250",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T17:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31916",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://seclists.org/oss-sec/2021/q1/268",
          "name" : "https://seclists.org/oss-sec/2021/q1/268",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1946965",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1946965",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a",
          "name" : "https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T17:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31793",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gist.github.com/tj-oconnor/16a4116050bbcb4717315f519b944f1f",
          "name" : "https://gist.github.com/tj-oconnor/16a4116050bbcb4717315f519b944f1f",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6b",
          "name" : "https://cloud.binary.ninja/embed/f4400a22-c438-403a-bf2a-939ca44a4f6b",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T17:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18889",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/choregus/puppyCMS/issues/13",
          "name" : "https://github.com/choregus/puppyCMS/issues/13",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T17:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25043",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/SpiderLabs/ModSecurity/issues/2566",
          "name" : "https://github.com/SpiderLabs/ModSecurity/issues/2566",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a \"string index out of range\" error and worker-process crash for a \"Cookie: =abc\" header."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T17:15Z",
    "lastModifiedDate" : "2021-05-06T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3507",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1951118",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1951118",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32052",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://docs.djangoproject.com/en/3.2/releases/security/",
          "name" : "https://docs.djangoproject.com/en/3.2/releases/security/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/06/1",
          "name" : "http://www.openwall.com/lists/oss-security/2021/05/06/1",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://groups.google.com/forum/#!forum/django-announce",
          "name" : "https://groups.google.com/forum/#!forum/django-announce",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.djangoproject.com/weblog/2021/may/06/security-releases/",
          "name" : "https://www.djangoproject.com/weblog/2021/may/06/security-releases/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31829",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/4",
          "name" : "http://www.openwall.com/lists/oss-security/2021/05/04/4",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f",
          "name" : "https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28152",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://en.hongdian.com/Products/Details/H8922",
          "name" : "http://en.hongdian.com/Products/Details/H8922",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "name" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28151",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://en.hongdian.com/Products/Details/H8922",
          "name" : "http://en.hongdian.com/Products/Details/H8922",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "name" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28150",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://en.hongdian.com/Products/Details/H8922",
          "name" : "http://en.hongdian.com/Products/Details/H8922",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "name" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28149",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://en.hongdian.com/Products/Details/H8922",
          "name" : "http://en.hongdian.com/Products/Details/H8922",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "name" : "https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T16:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32030",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0010.md",
          "name" : "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0010.md",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AC2900/HelpDesk_BIOS/",
          "name" : "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AC2900/HelpDesk_BIOS/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\\0' matches the device's default value of '\\0' in some situations."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T15:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30473",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578",
          "name" : "https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://bugs.chromium.org/p/aomedia/issues/detail?id=2998",
          "name" : "https://bugs.chromium.org/p/aomedia/issues/detail?id=2998",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T15:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20204",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1956348",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1956348",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T15:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35519",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1908251",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1908251",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T15:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28128",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-008.txt",
          "name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-008.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/strapi/strapi/releases",
          "name" : "https://github.com/strapi/strapi/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://strapi.io/changelog",
          "name" : "https://strapi.io/changelog",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T14:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22210",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22210.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22210.json",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/322500",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/322500",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T14:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22209",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/327155",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/327155",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22209.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22209.json",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T14:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22208",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/301212",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/301212",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22208.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22208.json",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T14:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22206",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://hackerone.com/reports/928074",
          "name" : "https://hackerone.com/reports/928074",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/230864",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/230864",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T14:15Z",
    "lastModifiedDate" : "2021-05-06T16:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3501",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1950136",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1950136",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a",
          "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32062",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://mapserver.org/development/changelog/changelog-7-6.html",
          "name" : "https://mapserver.org/development/changelog/changelog-7-6.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://mapserver.org/development/changelog/changelog-7-0.html",
          "name" : "https://mapserver.org/development/changelog/changelog-7-0.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://mapserver.org/development/changelog/changelog-7-4.html",
          "name" : "https://mapserver.org/development/changelog/changelog-7-4.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://mapserver.org/development/changelog/changelog-7-2.html",
          "name" : "https://mapserver.org/development/changelog/changelog-7-2.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31616",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836",
          "name" : "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0",
          "name" : "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/",
          "name" : "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required",
          "name" : "https://shapeshift.com/library/keepkey-important-update-issued-april-4-required",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31532",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://oxide.computer/blog/lpc55/",
          "name" : "https://oxide.computer/blog/lpc55/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.nxp.com",
          "name" : "https://www.nxp.com",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), and LPC55S1x, LPC551x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. The peripheral is accessible from any execution mode (secure/privileged, secure/unprivileged, non-secure/privileged, non-secure/unprivileged). The ROM includes a set of APIs intended for use by a secure application to perform flash and in-application programming (IAP) operations. An attacker may use the ROM patch peripheral to modify the implementation of these ROM APIs from a non-secure, unprivileged context. If a non-secure application can also cause the secure application to invoke these ROM APIs, this provides privilege escalation and arbitrary code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31409",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/vaadin/framework/pull/12241",
          "name" : "https://github.com/vaadin/framework/pull/12241",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/vaadin/framework/issues/12240",
          "name" : "https://github.com/vaadin/framework/issues/12240",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://vaadin.com/security/cve-2021-31409",
          "name" : "https://vaadin.com/security/cve-2021-31409",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31245",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Ysurac/openmptcprouter-vps-admin",
          "name" : "https://github.com/Ysurac/openmptcprouter-vps-admin",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.openmptcprouter.com/",
          "name" : "https://www.openmptcprouter.com/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80",
          "name" : "https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1",
          "name" : "https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29921",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/python/cpython/pull/25099",
          "name" : "https://github.com/python/cpython/pull/25099",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://sick.codes/sick-2021-014",
          "name" : "https://sick.codes/sick-2021-014",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html",
          "name" : "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/sickcodes",
          "name" : "https://github.com/sickcodes",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md",
          "name" : "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/python/cpython/pull/12577",
          "name" : "https://github.com/python/cpython/pull/12577",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://docs.python.org/3/library/ipaddress.html",
          "name" : "https://docs.python.org/3/library/ipaddress.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst",
          "name" : "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://bugs.python.org/issue36384",
          "name" : "https://bugs.python.org/issue36384",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29491",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-913"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4",
          "name" : "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS). The problem is corrected starting with version 0.5.1; no workarounds are known to exist."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29490",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96",
          "name" : "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP `GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10.7.3. As a workaround, disable external access to the API endpoints `/Items/*/RemoteImages/Download`, `/Items/RemoteSearch/Image` and `/Images/Remote` via reverse proxy, or limit to known-friendly IPs."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27216",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26543",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://advisory.checkmarx.net/advisory/CX-2020-4302",
          "name" : "https://advisory.checkmarx.net/advisory/CX-2020-4302",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.npmjs.com/package/git-parse",
          "name" : "https://www.npmjs.com/package/git-parse",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The \"gitDiff\" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24254",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-434"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md",
          "name" : "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://wpscan.com/vulnerability/bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4",
          "name" : "https://wpscan.com/vulnerability/bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24253",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-434"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/ee42c233-0ff6-4b27-a5ec-ad3246bef079",
          "name" : "https://wpscan.com/vulnerability/ee42c233-0ff6-4b27-a5ec-ad3246bef079",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md",
          "name" : "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24252",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-434"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md",
          "name" : "https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c",
          "name" : "https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24251",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/c9911236-4af3-4557-9bc0-217face534e1",
          "name" : "https://wpscan.com/vulnerability/c9911236-4af3-4557-9bc0-217face534e1",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example)"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24250",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/e23bf712-d891-4df7-99cc-9ef64f19f685",
          "name" : "https://wpscan.com/vulnerability/e23bf712-d891-4df7-99cc-9ef64f19f685",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24249",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/fc4cf749-34ef-43b8-a529-5065d698ab81",
          "name" : "https://wpscan.com/vulnerability/fc4cf749-34ef-43b8-a529-5065d698ab81",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24248",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-434"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/ca886a34-cd2b-4032-9de1-8089b5cf3001",
          "name" : "https://wpscan.com/vulnerability/ca886a34-cd2b-4032-9de1-8089b5cf3001",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24247",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3",
          "name" : "https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24246",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/2365a9d0-f6f4-4602-9804-5af23d0cb11d",
          "name" : "https://wpscan.com/vulnerability/2365a9d0-f6f4-4602-9804-5af23d0cb11d",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-WorkScout-WordPress-Theme-v2.0.33.txt",
          "name" : "https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-WorkScout-WordPress-Theme-v2.0.33.txt",
          "refsource" : "MISC",
          "tags" : [ "Broken Link" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24245",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735",
          "name" : "https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24244",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9",
          "name" : "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://codecanyon.net/item/visual-composer-clipboard/8897711",
          "name" : "https://codecanyon.net/item/visual-composer-clipboard/8897711",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24243",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3",
          "name" : "https://wpscan.com/vulnerability/3bc0733a-b949-40c9-a5fb-f56814fc4af3",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://codecanyon.net/item/visual-composer-clipboard/8897711",
          "name" : "https://codecanyon.net/item/visual-composer-clipboard/8897711",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24236",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-434"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/8f24e74f-60e3-4100-9ab2-ec31b9c9cdea",
          "name" : "https://wpscan.com/vulnerability/8f24e74f-60e3-4100-9ab2-ec31b9c9cdea",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24214",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
          "name" : "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24179",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/c0a5cdde-732a-432a-86c2-776df5d130a7",
          "name" : "https://wpscan.com/vulnerability/c0a5cdde-732a-432a-86c2-776df5d130a7",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24178",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/700f3b04-8298-447c-8d3c-4581880a63b5",
          "name" : "https://wpscan.com/vulnerability/700f3b04-8298-447c-8d3c-4581880a63b5",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22211",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/298847",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/298847",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21550",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/000185978",
          "name" : "https://www.dell.com/support/kbdoc/000185978",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21527",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/000185978",
          "name" : "https://www.dell.com/support/kbdoc/000185978",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21505",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability",
          "name" : "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1535",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-497"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv",
          "name" : "20210505 Cisco SD-WAN vManage Information Disclosure Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to allow the attacker to view sensitive information on the affected system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1532",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-rmos-fileread-pE9sL3g",
          "name" : "20210505 Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1530",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bwms-xxe-uSLrZgKs",
          "name" : "20210505 Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a partial DoS condition on an affected system. There are workarounds that address this vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1521",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-fc3F6LzT",
          "name" : "20210505 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1520",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-123"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE",
          "name" : "20210505 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1519",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-profile-AggMUCDg",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client Profile Modification Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker must have valid credentials on the affected system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.10.00093:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T20:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1516",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-540"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H",
          "name" : "20210505 Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1515",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-284"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-9VZO4gfU",
          "name" : "20210505 Cisco SD-WAN vManage Information Disclosure Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow the attacker to gain access to sensitive information that may include hashed credentials that could be used in future attacks."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1514",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy",
          "name" : "20210505 Cisco SD-WAN Software Privilege Escalation Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1513",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW",
          "name" : "20210505 Cisco SD-WAN Software vDaemon Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1512",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-552"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn",
          "name" : "20210505 Cisco SD-WAN Software Arbitrary File Corruption Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1511",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO",
          "name" : "20210505 Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1510",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO",
          "name" : "20210505 Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1509",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO",
          "name" : "20210505 Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1508",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ",
          "name" : "20210505 Cisco SD-WAN vManage Software Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1507",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-eN75jxtW",
          "name" : "20210505 Cisco SD-WAN vManage API Stored Cross-Site Scripting Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1506",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ",
          "name" : "20210505 Cisco SD-WAN vManage Software Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1505",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ",
          "name" : "20210505 Cisco SD-WAN vManage Software Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1499",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-306"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz",
          "name" : "20210505 Cisco HyperFlex HX Data Platform File Upload Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1498",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
          "name" : "20210505 Cisco HyperFlex HX Command Injection Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1497",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
          "name" : "20210505 Cisco HyperFlex HX Command Injection Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1496",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
          "versionEndExcluding" : "4.9.03022:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T21:10Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1490",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB",
          "name" : "20210505 Cisco Web Security Appliance Cross-Site Scripting Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to retrieve a crafted file that contains malicious payload and upload it to the affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1486",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-203"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy",
          "name" : "20210505 Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1478",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf",
          "name" : "20210505 Cisco Unified Communications Manager Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1468",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ",
          "name" : "20210505 Cisco SD-WAN vManage Software Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1447",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC",
          "name" : "20210505 Cisco Content Security Management Appliance Privilege Escalation Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1438",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-668"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK",
          "name" : "20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1430",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
          "versionEndExcluding" : "4.9.06037:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T21:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1429",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
          "versionEndExcluding" : "4.10.00093:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T21:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1428",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
          "versionEndExcluding" : "4.10.00093:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T20:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1427",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
          "versionEndExcluding" : "4.9.06037:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T20:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1426",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6",
          "name" : "20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
          "versionEndExcluding" : "4.9.06037:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T20:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1421",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j",
          "name" : "20210505 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1401",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF",
          "name" : "20210505 Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1400",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF",
          "name" : "20210505 Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1397",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-601"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2",
          "name" : "20210505 Cisco Integrated Management Controller Open Redirect Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1365",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR",
          "name" : "20210505 Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1363",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR",
          "name" : "20210505 Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1284",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-284"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2",
          "name" : "20210505 Cisco SD-WAN vManage Software Authentication Bypass Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system. With this access, the attacker could access information about the affected vManage system, modify the configuration of the system, or make configuration changes to devices that are managed by the system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1275",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ",
          "name" : "20210505 Cisco SD-WAN vManage Software Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28026",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28025",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28024",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28023",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28022",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28021",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28020",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28019",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28018",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28017",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28016",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because \"-F ''\" is mishandled by parse_fix_phrase."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28015",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28014",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28013",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles \"-F '.('\" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28012",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28011",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28010",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28009",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28008",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28007",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23128",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF",
          "name" : "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://toandak.blogspot.com/2020/05/improper-privilege-management-in.html",
          "name" : "https://toandak.blogspot.com/2020/05/improper-privilege-management-in.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23127",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html",
          "name" : "https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF",
          "name" : "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:chamilo:chamilo_lms:1.11.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T17:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19114",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:projectworlds:online_book_store_project_in_php:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19113",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19112",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:projectworlds:online_book_store_project_in_php:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19111",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-06T13:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19110",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:projectworlds:online_book_store_project_in_php:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:48Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19109",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:projectworlds:online_book_store_project_in_php:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:51Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19108",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:projectworlds:online_book_store_project_in_php:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:51Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-19107",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9",
          "name" : "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:projectworlds:online_book_store_project_in_php:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-06T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:51Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31411",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2021-31411",
          "name" : "https://vaadin.com/security/cve-2021-31411",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/vaadin/flow/pull/10640",
          "name" : "https://github.com/vaadin/flow/pull/10640",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29101",
        "ASSIGNER" : "psirt@esri.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.esri.com/arcgis-blog/products/ext-server-geoevent/administration/arcgis-geoevent-server-security-update-2021-patch-1",
          "name" : "https://www.esri.com/arcgis-blog/products/ext-server-geoevent/administration/arcgis-geoevent-server-security-update-2021-patch-1",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24293",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/",
          "name" : "https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7",
          "name" : "https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24276",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c",
          "name" : "https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24275",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f",
          "name" : "https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24274",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d",
          "name" : "https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24273",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6",
          "name" : "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24272",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
          "name" : "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24271",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79",
          "name" : "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24270",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978",
          "name" : "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24269",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9",
          "name" : "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24268",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b",
          "name" : "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:crocoblock:jetwidgets_for_elementor:*:*:*:*:*:wordpress:*:*",
          "versionEndExcluding" : "1.0.9:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24267",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19",
          "name" : "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24266",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578",
          "name" : "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24265",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
          "name" : "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24264",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f",
          "name" : "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24263",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
          "name" : "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24262",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b",
          "name" : "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24261",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f",
          "name" : "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24260",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021",
          "name" : "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24259",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990",
          "name" : "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24258",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f",
          "name" : "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24257",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25",
          "name" : "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24256",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e",
          "name" : "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24255",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da",
          "name" : "https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "name" : "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T19:15Z",
    "lastModifiedDate" : "2021-05-05T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32055",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5",
          "name" : "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html",
          "name" : "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc",
          "name" : "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29489",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95",
          "name" : "https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29100",
        "ASSIGNER" : "psirt@esri.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.esri.com/arcgis-blog/products/arcgis-earth/administration/arcgis-earth-security-update",
          "name" : "https://www.esri.com/arcgis-blog/products/arcgis-earth/administration/arcgis-earth-security-update",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20401",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196075",
          "name" : "ibm-qradar-cve202120401-info-disc (196075)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6449682",
          "name" : "https://www.ibm.com/support/pages/node/6449682",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20397",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196017",
          "name" : "ibm-qradar-cve202120397-xss (196017)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6449688",
          "name" : "https://www.ibm.com/support/pages/node/6449688",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196017."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-5013",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6449690",
          "name" : "https://www.ibm.com/support/pages/node/6449690",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193245",
          "name" : "ibm-qradar-cve20205013-xxe (193245)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:28Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4993",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6449672",
          "name" : "https://www.ibm.com/support/pages/node/6449672",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192905",
          "name" : "ibm-qradar-cve20204993-path-traversal (192905)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4979",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192538",
          "name" : "ibm-qradar-cve20204979-code-exec (192538)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6449668",
          "name" : "https://www.ibm.com/support/pages/node/6449668",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4932",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191748",
          "name" : "ibm-qradar-cve20204932-info-disc (191748)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6449682",
          "name" : "https://www.ibm.com/support/pages/node/6449682",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4929",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6449674",
          "name" : "https://www.ibm.com/support/pages/node/6449674",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/191706",
          "name" : "ibm-qradar-cve20204929-xss (191706)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4883",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190907",
          "name" : "ibm-qradar-cve20204883-info-disc (190907)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6449678",
          "name" : "https://www.ibm.com/support/pages/node/6449678",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.0",
          "versionEndExcluding" : "7.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0:",
          "versionEndExcluding" : "7.4.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.2:fix_pack_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-05T16:15Z",
    "lastModifiedDate" : "2021-05-07T14:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31542",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.djangoproject.com/weblog/2021/may/04/security-releases/",
          "name" : "https://www.djangoproject.com/weblog/2021/may/04/security-releases/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://docs.djangoproject.com/en/3.2/releases/security/",
          "name" : "https://docs.djangoproject.com/en/3.2/releases/security/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/3",
          "name" : "http://www.openwall.com/lists/oss-security/2021/05/04/3",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://groups.google.com/forum/#!forum/django-announce",
          "name" : "https://groups.google.com/forum/#!forum/django-announce",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2651-1] python-django security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T15:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31518",
        "ASSIGNER" : "security@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10312",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31517",
        "ASSIGNER" : "security@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10312",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13665",
        "ASSIGNER" : "security@drupal.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.drupal.org/sa-core-2020-006",
          "name" : "https://www.drupal.org/sa-core-2020-006",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13664",
        "ASSIGNER" : "security@drupal.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.drupal.org/sa-core-2020-005",
          "name" : "https://www.drupal.org/sa-core-2020-005",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13662",
        "ASSIGNER" : "security@drupal.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.drupal.org/sa-core-2020-003",
          "name" : "https://www.drupal.org/sa-core-2020-003",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20254",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://security.netapp.com/advisory/ntap-20210430-0001/",
          "name" : "https://security.netapp.com/advisory/ntap-20210430-0001/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.samba.org/samba/security/CVE-2021-20254.html",
          "name" : "https://www.samba.org/samba/security/CVE-2021-20254.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1949442",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1949442",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/",
          "name" : "FEDORA-2021-1d0807008b",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/",
          "name" : "FEDORA-2021-7026246ea9",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T14:15Z",
    "lastModifiedDate" : "2021-05-08T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13666",
        "ASSIGNER" : "security@drupal.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.drupal.org/sa-core-2020-007",
          "name" : "https://www.drupal.org/sa-core-2020-007",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.0:",
          "versionEndExcluding" : "7.73:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.8.0:",
          "versionEndExcluding" : "8.8.10:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.9.0:",
          "versionEndExcluding" : "8.9.6:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.0.0:",
          "versionEndExcluding" : "9.0.6:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-05T14:15Z",
    "lastModifiedDate" : "2021-05-07T18:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-20010",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt",
          "name" : "https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/",
          "name" : "https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T14:15Z",
    "lastModifiedDate" : "2021-05-05T18:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29250",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "name" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/btcpayserver/btcpayserver/releases",
          "name" : "https://github.com/btcpayserver/btcpayserver/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T13:15Z",
    "lastModifiedDate" : "2021-05-05T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29248",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "name" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/btcpayserver/btcpayserver/releases",
          "name" : "https://github.com/btcpayserver/btcpayserver/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T13:15Z",
    "lastModifiedDate" : "2021-05-05T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29247",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "name" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/btcpayserver/btcpayserver/releases",
          "name" : "https://github.com/btcpayserver/btcpayserver/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T13:15Z",
    "lastModifiedDate" : "2021-05-05T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29246",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "name" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/btcpayserver/btcpayserver/releases",
          "name" : "https://github.com/btcpayserver/btcpayserver/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T13:15Z",
    "lastModifiedDate" : "2021-05-05T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29245",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "name" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/btcpayserver/btcpayserver/releases",
          "name" : "https://github.com/btcpayserver/btcpayserver/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T13:15Z",
    "lastModifiedDate" : "2021-05-05T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31800",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008",
          "name" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/SecureAuthCorp/impacket/releases",
          "name" : "https://github.com/SecureAuthCorp/impacket/releases",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876",
          "name" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958",
          "name" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f",
          "name" : "https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485",
          "name" : "https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T11:15Z",
    "lastModifiedDate" : "2021-05-05T12:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25317",
        "ASSIGNER" : "security@suse.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-276"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1184161",
          "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1184161",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/",
          "name" : "FEDORA-2021-dc578ce534",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/",
          "name" : "FEDORA-2021-7b698513d5",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T10:15Z",
    "lastModifiedDate" : "2021-05-10T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25319",
        "ASSIGNER" : "security@suse.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-276"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1182918",
          "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1182918",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T09:15Z",
    "lastModifiedDate" : "2021-05-05T12:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36334",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/",
          "name" : "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2020/02/19/1",
          "name" : "https://www.openwall.com/lists/oss-security/2020/02/19/1",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T04:15Z",
    "lastModifiedDate" : "2021-05-05T12:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36333",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/",
          "name" : "https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2020/02/19/1",
          "name" : "https://www.openwall.com/lists/oss-security/2020/02/19/1",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T04:15Z",
    "lastModifiedDate" : "2021-05-05T12:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25179",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/matrix",
          "name" : "https://github.com/matrix",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm",
          "name" : "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://twitter.com/gm4tr1x",
          "name" : "https://twitter.com/gm4tr1x",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.linkedin.com/in/gabrielegristina",
          "name" : "https://www.linkedin.com/in/gabrielegristina",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T03:15Z",
    "lastModifiedDate" : "2021-05-05T12:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22428",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/matrix",
          "name" : "https://github.com/matrix",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US",
          "name" : "https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://twitter.com/gm4tr1x",
          "name" : "https://twitter.com/gm4tr1x",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.linkedin.com/in/gabrielegristina",
          "name" : "https://www.linkedin.com/in/gabrielegristina",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-05T03:15Z",
    "lastModifiedDate" : "2021-05-05T12:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26804",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://medium.com/@pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621",
          "name" : "https://medium.com/@pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to \".gif\", then uploading it in the \"Administration/ Parameters/ Images\" section of the application."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T17:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29478",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3",
          "name" : "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://redis.io/",
          "name" : "https://redis.io/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T16:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29477",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://redis.io/",
          "name" : "https://redis.io/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g",
          "name" : "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T16:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21551",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability",
          "name" : "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability",
          "refsource" : "MISC",
          "tags" : [ "Mitigation", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:debutil_2_3.sys:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-04T16:15Z",
    "lastModifiedDate" : "2021-05-07T20:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4987",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702",
          "name" : "ibm-flashsystem-cve20204987-xss (192702)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6449280",
          "name" : "https://www.ibm.com/support/pages/node/6449280",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192702."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:ibm:flashsystem_900_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.5.2.9:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:ibm:flashsystem_900_firmware:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "1.6.0.0:",
            "versionEndExcluding" : "1.6.1.3:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:ibm:flashsystem_900:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-05-04T16:15Z",
    "lastModifiedDate" : "2021-05-07T20:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-21999",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/47066",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5525.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5525.php",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T16:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3154",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-2_release_notes.htm",
          "name" : "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-2_release_notes.htm",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T14:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-27518",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jeffs.sh/CVEs/CVE-2020-27518.txt",
          "name" : "https://jeffs.sh/CVEs/CVE-2020-27518.txt",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://windscribe.com",
          "name" : "http://windscribe.com",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T14:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22547",
        "ASSIGNER" : "security@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/blob/master/RELEASE-NOTES.md",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/pull/119",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:cloud_iot_device_sdk_for_embedded_c:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.0.3:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-04T13:15Z",
    "lastModifiedDate" : "2021-05-07T22:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29240",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://customers.codesys.com/index.php",
          "name" : "https://customers.codesys.com/index.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14636&token=1ce7e6e4cbe4651989ede418450d7c82e972bdf2&download=",
          "name" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14636&token=1ce7e6e4cbe4651989ede418450d7c82e972bdf2&download=",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.codesys.com/security/security-reports.html",
          "name" : "https://www.codesys.com/security/security-reports.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T12:15Z",
    "lastModifiedDate" : "2021-05-04T17:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23383",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427",
          "name" : "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029",
          "name" : "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T09:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23343",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/jbgutierrez/path-parse/issues/8",
          "name" : "https://github.com/jbgutierrez/path-parse/issues/8",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067",
          "name" : "https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T09:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31164",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://unomi.apache.org/security/cve-2021-31164",
          "name" : "http://unomi.apache.org/security/cve-2021-31164",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-04T07:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-32020",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/c7a9a01c94987082b223d3e59969ede64363da63",
          "name" : "https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/c7a9a01c94987082b223d3e59969ede64363da63",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T22:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23083",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/zhangdaiscott/jeecg/issues/56",
          "name" : "https://github.com/zhangdaiscott/jeecg/issues/56",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component \"jeecgFormDemoController.do?commonUpload\"."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T22:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23015",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/opnsense/core/issues/4061",
          "name" : "https://github.com/opnsense/core/issues/4061",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter \"url\" in login page was not filtered and can redirect user to any website."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T22:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35758",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "name" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access privileged functionality. As such, it's possible to directly access APIs that should not be exposed to an unauthenticated user."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T21:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35757",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "name" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T21:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35756",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "name" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T21:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35755",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "name" : "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T21:15Z",
    "lastModifiedDate" : "2021-05-04T10:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28945",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://open-xchange.com",
          "name" : "https://open-xchange.com",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "name" : "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "7.10.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-03T20:15Z",
    "lastModifiedDate" : "2021-05-07T12:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21264",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-862"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg",
          "name" : "https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having `cms.enableSafeMode` enabled, but would be a problem for anyone relying on `cms.enableSafeMode` to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 472 (v1.0.472) and v1.1.2. As a workaround, apply https://github.com/octobercms/october/commit/f63519ff1e8d375df30deba63156a2fc97aa9ee7 to your installation manually if unable to upgrade to Build 472 or v1.1.2."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T16:15Z",
    "lastModifiedDate" : "2021-05-03T17:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-20247",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://seclists.org/fulldisclosure/2020/May/30",
          "name" : "https://seclists.org/fulldisclosure/2020/May/30",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
          "versionEndExcluding" : "6.46.5:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-03T16:15Z",
    "lastModifiedDate" : "2021-05-10T12:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-20218",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://seclists.org/fulldisclosure/2020/May/30",
          "name" : "https://seclists.org/fulldisclosure/2020/May/30",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-03T16:15Z",
    "lastModifiedDate" : "2021-05-10T12:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29242",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://customers.codesys.com/index.php",
          "name" : "https://customers.codesys.com/index.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.codesys.com/security/security-reports.html",
          "name" : "https://www.codesys.com/security/security-reports.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=",
          "name" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T14:15Z",
    "lastModifiedDate" : "2021-05-03T14:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29241",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://customers.codesys.com/index.php",
          "name" : "https://customers.codesys.com/index.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.codesys.com/security/security-reports.html",
          "name" : "https://www.codesys.com/security/security-reports.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download=",
          "name" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download=",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that may result in a denial of service (DoS)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T14:15Z",
    "lastModifiedDate" : "2021-05-03T14:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29239",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-345"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://customers.codesys.com/index.php",
          "name" : "https://customers.codesys.com/index.php",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Vendor Advisory" ]
        }, {
          "url" : "https://www.codesys.com/security/security-reports.html",
          "name" : "https://www.codesys.com/security/security-reports.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download=",
          "name" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download=",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0:",
          "versionEndExcluding" : "3.5.17.0:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-05-03T14:15Z",
    "lastModifiedDate" : "2021-05-07T13:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29238",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://customers.codesys.com/index.php",
          "name" : "https://customers.codesys.com/index.php",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.codesys.com/security/security-reports.html",
          "name" : "https://www.codesys.com/security/security-reports.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14638&token=30b75ee95d0d94527894dfd8cdc5432575a8eff8&download=",
          "name" : "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14638&token=30b75ee95d0d94527894dfd8cdc5432575a8eff8&download=",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T14:15Z",
    "lastModifiedDate" : "2021-05-03T14:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29369",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.npmjs.com/package/@rkesters/gnuplot",
          "name" : "https://www.npmjs.com/package/@rkesters/gnuplot",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/rkesters/gnuplot/commit/23671d4d3d28570fb19a936a6328bfac742410de",
          "name" : "https://github.com/rkesters/gnuplot/commit/23671d4d3d28570fb19a936a6328bfac742410de",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T12:15Z",
    "lastModifiedDate" : "2021-05-03T13:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28860",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/adaltas/node-mixme/issues/1",
          "name" : "https://github.com/adaltas/node-mixme/issues/1",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.npmjs.com/~david",
          "name" : "https://www.npmjs.com/~david",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028",
          "name" : "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://nodejs.com",
          "name" : "http://nodejs.com",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4",
          "name" : "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T12:15Z",
    "lastModifiedDate" : "2021-05-07T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25631",
        "ASSIGNER" : "security@documentfoundation.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/",
          "name" : "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://positive.security/blog/url-open-rce#open-libreoffice",
          "name" : "https://positive.security/blog/url-open-rce#open-libreoffice",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T12:15Z",
    "lastModifiedDate" : "2021-05-03T13:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31996",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://rustsec.org/advisories/RUSTSEC-2021-0053.html",
          "name" : "https://rustsec.org/advisories/RUSTSEC-2021-0053.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge()."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-03T07:15Z",
    "lastModifiedDate" : "2021-05-03T13:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28359",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-05-02T08:15Z",
    "lastModifiedDate" : "2021-05-04T00:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31935",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "name" : "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "7.10.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T22:15Z",
    "lastModifiedDate" : "2021-05-07T12:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31934",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "name" : "https://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "7.10.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T22:15Z",
    "lastModifiedDate" : "2021-05-07T12:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31792",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://chris-forbes.github.io/CVE-2021-31792",
          "name" : "https://chris-forbes.github.io/CVE-2021-31792",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/salesagility/SuiteCRM",
          "name" : "https://github.com/salesagility/SuiteCRM",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_19",
          "name" : "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_19",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "7.11.19",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T22:15Z",
    "lastModifiedDate" : "2021-05-03T18:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28944",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://open-xchange.com",
          "name" : "https://open-xchange.com",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:open-xchange:ox_guard:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "2.10.4:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T22:15Z",
    "lastModifiedDate" : "2021-05-07T13:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28943",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://open-xchange.com",
          "name" : "https://open-xchange.com",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162406/OX-App-Suite-OX-Guard-SSRF-DoS-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OX App Suite 7.10.4 and earlier allows SSRF via a snippet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "7.10.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T22:15Z",
    "lastModifiedDate" : "2021-05-07T12:50Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21531",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-669"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/000184565",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:solutions_enabler:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "9.1.0.15:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:solutions_enabler:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.2.0:",
          "versionEndExcluding" : "9.2.1.6:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "9.1.0.15:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.2.0:",
          "versionEndExcluding" : "9.2.1.1:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "9.1.0.26:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.2.1.0:",
          "versionEndIncluding" : "9.2.1.6:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "9.1.0.26:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.2.1.0:",
          "versionEndExcluding" : "9.2.1.6:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:dell:powermax_os:5978:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-10T14:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21233",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1182937",
          "name" : "https://crbug.com/1182937",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "90.0.4430.93",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-04T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21232",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1175058",
          "name" : "https://crbug.com/1175058",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.93",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-04T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21231",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-345"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1198696",
          "name" : "https://crbug.com/1198696",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.93",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-06T20:10Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21230",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-843"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://crbug.com/1198705",
          "name" : "https://crbug.com/1198705",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.93",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-04T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21229",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-346"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1198165",
          "name" : "https://crbug.com/1198165",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "90.0.4430.93",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-06T20:10Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21228",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1139156",
          "name" : "https://crbug.com/1139156",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.93",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-06T20:05Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21227",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1199345",
          "name" : "https://crbug.com/1199345",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4911",
          "name" : "DSA-4911",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.93",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-04T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18084",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/yzmcms/yzmcms/issues/9",
          "name" : "https://github.com/yzmcms/yzmcms/issues/9",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the \"referer\" field of a POST request to the component \"/member/index/login.html\" when logging in."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:yzmcms:yzmcms:5.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T21:15Z",
    "lastModifiedDate" : "2021-05-06T13:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29464",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54",
          "name" : "https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p",
          "name" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.27.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T19:15Z",
    "lastModifiedDate" : "2021-05-10T15:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29463",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b",
          "name" : "https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr",
          "name" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.27.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-30T19:15Z",
    "lastModifiedDate" : "2021-05-10T15:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21537",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "name" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:hybrid_client:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T18:15Z",
    "lastModifiedDate" : "2021-05-06T20:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21536",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "name" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:hybrid_client:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T18:15Z",
    "lastModifiedDate" : "2021-05-06T19:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21535",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-306"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "name" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:hybrid_client:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T18:15Z",
    "lastModifiedDate" : "2021-05-06T19:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21534",
        "ASSIGNER" : "secure@dell.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "name" : "https://www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dell:hybrid_client:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T18:15Z",
    "lastModifiedDate" : "2021-05-06T19:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-7731",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/russellhaering/gosaml2/issues/59",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This affects all versions of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gosaml2_project:gosaml2:*:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T16:15Z",
    "lastModifiedDate" : "2021-05-09T03:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4039",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-23"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/fossasia/susi_server/security/advisories/GHSA-wcm4-2jp5-q269",
          "name" : "https://github.com/fossasia/susi_server/security/advisories/GHSA-wcm4-2jp5-q269",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fossasia:susi.ai:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2020-05-13:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 9.1,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T16:15Z",
    "lastModifiedDate" : "2021-05-10T13:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-15153",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ampache/ampache/releases/tag/4.2.2",
          "name" : "https://github.com/ampache/ampache/releases/tag/4.2.2",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/ampache/ampache/commit/e92cb6154c32c513b9c07e5fdbf5ac7de81ef5ed",
          "name" : "https://github.com/ampache/ampache/commit/e92cb6154c32c513b9c07e5fdbf5ac7de81ef5ed",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/ampache/ampache/security/advisories/GHSA-phr3-mpx5-7826",
          "name" : "https://github.com/ampache/ampache/security/advisories/GHSA-phr3-mpx5-7826",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.2.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T16:15Z",
    "lastModifiedDate" : "2021-05-09T02:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-24918",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ambarella.com",
          "name" : "https://www.ambarella.com",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.somersetrecon.com/blog",
          "name" : "https://www.somersetrecon.com/blog",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1",
          "name" : "https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ambarella:oryx_rtsp_server:2020-01-07:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T12:15Z",
    "lastModifiedDate" : "2021-05-07T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20326",
        "ASSIGNER" : "cna@mongodb.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jira.mongodb.org/browse/SERVER-53929",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.4.0",
          "versionEndExcluding" : "4.4.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T09:15Z",
    "lastModifiedDate" : "2021-05-03T18:10Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31872",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kernel.org/pub/linux/libs/klibc/2.0/",
          "name" : "https://kernel.org/pub/linux/libs/klibc/2.0/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.zytor.com/archives/klibc/2021-April/004593.html",
          "name" : "https://lists.zytor.com/archives/klibc/2021-April/004593.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff",
          "name" : "https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/30/1",
          "name" : "[oss-security] 20210430 [ANNOUNCE] klibc 2.0.9",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:klibc_project:klibc:*:*:*:*:*:x86:*:*",
          "versionEndExcluding" : "2.0.9:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T06:15Z",
    "lastModifiedDate" : "2021-05-07T19:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31871",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kernel.org/pub/linux/libs/klibc/2.0/",
          "name" : "https://kernel.org/pub/linux/libs/klibc/2.0/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.zytor.com/archives/klibc/2021-April/004593.html",
          "name" : "https://lists.zytor.com/archives/klibc/2021-April/004593.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5",
          "name" : "https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/30/1",
          "name" : "[oss-security] 20210430 [ANNOUNCE] klibc 2.0.9",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:klibc_project:klibc:*:*:*:*:*:*:x64:*",
          "versionEndExcluding" : "2.0.9:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T06:15Z",
    "lastModifiedDate" : "2021-05-07T20:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31870",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kernel.org/pub/linux/libs/klibc/2.0/",
          "name" : "https://kernel.org/pub/linux/libs/klibc/2.0/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.zytor.com/archives/klibc/2021-April/004593.html",
          "name" : "https://lists.zytor.com/archives/klibc/2021-April/004593.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2",
          "name" : "https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/30/1",
          "name" : "[oss-security] 20210430 [ANNOUNCE] klibc 2.0.9",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:klibc_project:klibc:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.0.9:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T06:15Z",
    "lastModifiedDate" : "2021-05-07T19:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31919",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-772"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://rustsec.org/advisories/RUSTSEC-2021-0054.html",
          "name" : "https://rustsec.org/advisories/RUSTSEC-2021-0054.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:rkyv_project:rkyv:*:*:*:*:*:rust:*:*",
          "versionEndExcluding" : "0.6.0:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T03:15Z",
    "lastModifiedDate" : "2021-05-09T03:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18070",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/idreamsoft/iCMS/issues/46",
          "name" : "https://github.com/idreamsoft/iCMS/issues/46",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the \"do_del()\" method of the component \"database.admincp.php\"."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:idreamsoft:icms:7.0.13:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.1,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-30T00:15Z",
    "lastModifiedDate" : "2021-05-03T18:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18035",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/zchuanzhao/jeesns/issues/8",
          "name" : "https://github.com/zchuanzhao/jeesns/issues/8",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the \"CKEditorFuncNum\" parameter in the component \"CkeditorUploadController.java\"."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T23:15Z",
    "lastModifiedDate" : "2021-05-03T18:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1087",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "8.0:",
            "versionEndExcluding" : "8.7:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1086",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "8.0:",
            "versionEndExcluding" : "8.7:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1085",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "8.0:",
            "versionEndExcluding" : "8.7:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1084",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:45Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1083",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:45Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1082",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "8.0:",
            "versionEndExcluding" : "8.7:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1081",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "8.0:",
            "versionEndExcluding" : "8.7:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:48Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1080",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "8.0:",
            "versionEndExcluding" : "8.7:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0:",
            "versionEndExcluding" : "11.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "12.0:",
            "versionEndExcluding" : "12.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-07T20:48Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22808",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/fecshop/yii2_fecshop/commit/8fac6455882333cfe3d81c4121d523813e28e31a",
          "name" : "https://github.com/fecshop/yii2_fecshop/commit/8fac6455882333cfe3d81c4121d523813e28e31a",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/fecshop/yii2_fecshop/issues/87",
          "name" : "https://github.com/fecshop/yii2_fecshop/issues/87",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fecmall_project:fecmall:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.0.0:",
          "versionEndIncluding" : "2.13.3:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-05T17:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22807",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://cloud.tencent.com/developer/article/1612208",
          "name" : "https://cloud.tencent.com/developer/article/1612208",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vtiger:vtiger:7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T19:15Z",
    "lastModifiedDate" : "2021-05-03T18:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21388",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d75af2ebae5a46",
          "name" : "https://github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d75af2ebae5a46",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.npmjs.com/package/systeminformation",
          "name" : "https://www.npmjs.com/package/systeminformation",
          "refsource" : "MISC",
          "tags" : [ "Product", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f",
          "name" : "https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476",
          "name" : "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524",
          "name" : "https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*",
          "versionEndExcluding" : "5.6.4:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T20:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1504",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD",
          "name" : "20210428 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.7:",
          "versionEndExcluding" : "9.8.4.35:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.9:",
          "versionEndExcluding" : "9.9.2.85:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.10:",
          "versionEndExcluding" : "9.12.4.10:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.13:",
          "versionEndExcluding" : "9.13.1.21:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.14:",
          "versionEndExcluding" : "9.14.2.4:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.15:",
          "versionEndExcluding" : "9.15.1.7:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.4:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.1:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T20:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1501",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-613"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-sipdos-GGwmMerC",
          "name" : "20210428 Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.8:",
          "versionEndExcluding" : "9.8.4.34:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.9:",
          "versionEndExcluding" : "9.9.2.85:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.10:",
          "versionEndExcluding" : "9.12.4.18:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.13:",
          "versionEndExcluding" : "9.13.1.21:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.14:",
          "versionEndExcluding" : "9.14.2.13:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.15:",
          "versionEndExcluding" : "9.15.1.15:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.2.2:",
          "versionEndExcluding" : "6.4.0.12:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.4:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.8
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T03:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1495",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-755"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc",
          "name" : "20210428 Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.4.0.12:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.4:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "16.12:",
            "versionEndExcluding" : "16.12.5:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "17.1:",
            "versionEndExcluding" : "17.3.3:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "17.4:",
            "versionEndExcluding" : "17.4.1:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.9.17.1:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:c8200-1n-4t:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:c8200l-1n-4t:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_1100-4g\\/6g:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_1111x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_111x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_3000:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T02:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1493",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG",
          "name" : "20210428 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.8:",
          "versionEndExcluding" : "9.8.4.34:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.9:",
          "versionEndExcluding" : "9.9.2.85:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.10:",
          "versionEndExcluding" : "9.12.4.13:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.13:",
          "versionEndExcluding" : "9.13.1.21:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.14:",
          "versionEndExcluding" : "9.14.2.8:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.15:",
          "versionEndExcluding" : "9.15.1.7:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.4.0.12:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.1:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 4.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 7.8,
        "acInsufInfo" : true,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T03:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1489",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-dos-nFES8xTN",
          "name" : "20210428 Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_device_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.4.0:",
            "versionEndExcluding" : "6.4.0.12:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_device_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.5.0:",
            "versionEndExcluding" : "6.6.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_device_manager:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.7.0:",
            "versionEndExcluding" : "6.7.0.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T02:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1488",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU",
          "name" : "20210428 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "9.13:",
            "versionEndExcluding" : "9.13.1.21:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "9.14:",
            "versionEndExcluding" : "9.14.2.13:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "9.15:",
            "versionEndExcluding" : "9.15.1.10:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.5.0:",
            "versionEndExcluding" : "6.6.4:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.7.0:",
            "versionEndExcluding" : "6.7.0.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.7,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T03:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1477",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-iac-pZDMQ4wC",
          "name" : "20210428 Cisco Firepower Management Center Software Policy Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.4.0.12:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T03:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1476",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-cmd-inj-SELprvG",
          "name" : "20210428 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Command Injection Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.13:",
          "versionEndExcluding" : "9.13.1.21:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.14:",
          "versionEndExcluding" : "9.14.2.13:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.15:",
          "versionEndExcluding" : "9.15.1.10:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.4:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.7,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T04:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1458",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA",
          "name" : "20210428 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "6.4.0.11:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T17:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1457",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA",
          "name" : "20210428 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "6.4.0.11:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T17:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1456",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA",
          "name" : "20210428 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "6.4.0.11:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T17:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1455",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-yT8LNSeA",
          "name" : "20210428 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "6.4.0.11:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.2:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T17:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1448",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT",
          "name" : "20210428 Cisco Firepower Threat Defense Software Command Injection Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.4.0",
            "versionEndExcluding" : "6.4.0.10",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.5.0",
            "versionEndExcluding" : "6.5.0.5",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.6.0",
            "versionEndExcluding" : "6.6.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T02:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1445",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD",
          "name" : "20210428 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.7:",
          "versionEndExcluding" : "9.8.4.34:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.9:",
          "versionEndExcluding" : "9.9.2.85:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.10:",
          "versionEndExcluding" : "9.12.4.13:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.13:",
          "versionEndExcluding" : "9.13.1.21:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.14:",
          "versionEndExcluding" : "9.14.2.8:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.15:",
          "versionEndExcluding" : "9.15.1.7:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.5.0:",
          "versionEndExcluding" : "6.6.4:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0:",
          "versionEndExcluding" : "6.7.0.1:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T17:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1402",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c",
          "name" : "20210428 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.3.0:",
            "versionEndExcluding" : "6.4.0:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "6.5.0:",
            "versionEndExcluding" : "6.6.0:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.6,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.8
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-10T12:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1369",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-xxe-zR7sxPfs",
          "name" : "20210428 Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information or causing a partial denial of service (DoS) condition on the affected device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_device_manager:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.5.0.5:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_device_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.6.0:",
          "versionEndExcluding" : "6.6.3:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.5
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-05T20:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1256",
        "ASSIGNER" : "psirt@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-552"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB",
          "name" : "20210428 Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "6.4.0:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.6.0:",
          "versionEndExcluding" : "6.6.4:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T03:05Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18032",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/graphviz/graphviz/-/issues/1700",
          "name" : "https://gitlab.com/graphviz/graphviz/-/issues/1700",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the \"lib/common/shapes.c\" component."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:graphviz:graphviz:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "2020-04-13:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T18:15Z",
    "lastModifiedDate" : "2021-05-09T01:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31438",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-481/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-481/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12443."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:foxit_studio_photo:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.6.6.933",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T02:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31437",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-480/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-480/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:foxit_studio_photo:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.6.6.933",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T02:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31436",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-479/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-479/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:foxit_studio_photo:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.6.6.933",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T02:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31435",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-457"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-478/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-478/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12331."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:foxit_studio_photo:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.6.6.933",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T02:36Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31434",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-477/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-477/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12377."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:foxit_studio_photo:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.6.6.933",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T02:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31433",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "name" : "https://www.foxitsoftware.com/support/security-bulletins.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-476/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-476/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:foxitsoftware:foxit_studio_photo:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.6.6.933",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T02:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31432",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-440/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-440/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13190."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T13:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31431",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-439/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-439/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13189."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T13:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31430",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-438/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-438/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13188."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T13:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31429",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-437/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-437/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13187."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T13:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31428",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-436/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-436/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13186."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T13:28Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31427",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-367"
          }, {
            "lang" : "en",
            "value" : "CWE-667"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-435/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-435/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.6,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.1,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 1.9
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.4,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T20:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31426",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-433/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-433/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:16.1.2-49151:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-05T20:42Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31425",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-432/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-432/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:16.1.2-49151:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-07T18:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31424",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-434/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-434/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12848."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-10T12:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31423",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-908"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-431/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-431/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12528."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-07T02:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31422",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-367"
          }, {
            "lang" : "en",
            "value" : "CWE-667"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-430/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-430/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:16.1.1-49141:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.4,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-10T13:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31421",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-425/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-425/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:16.1.1-49141:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-10T13:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31420",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-121"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-428/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-428/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12220."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:16.1.0-48950:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T19:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31419",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-908"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-427/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-427/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.4-47270:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T19:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31418",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-908"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-429/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-429/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12221."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.4-47270:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T19:10Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31417",
        "ASSIGNER" : "zdi-disclosures@trendmicro.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-908"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.parallels.com/en/125013",
          "name" : "https://kb.parallels.com/en/125013",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-426/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-426/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:parallels:parallels_desktop:15.1.4-47270:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-06T19:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30048",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/201206030/novel-plus/issues/39",
          "name" : "https://github.com/201206030/novel-plus/issues/39",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/49724",
          "name" : "https://www.exploit-db.com/exploits/49724",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:novel_boutique_house-plus_project:novel_boutique_house-plus:3.5.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-08T03:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21415",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-94"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://marketplace.visualstudio.com/items?itemName=Prisma.prisma-insider",
          "name" : "https://marketplace.visualstudio.com/items?itemName=Prisma.prisma-insider",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://github.com/prisma/language-tools/pull/750",
          "name" : "https://github.com/prisma/language-tools/pull/750",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/prisma/language-tools/security/advisories/GHSA-4rf9-43m7-x828",
          "name" : "https://github.com/prisma/language-tools/security/advisories/GHSA-4rf9-43m7-x828",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://marketplace.visualstudio.com/items?itemName=Prisma.prisma",
          "name" : "https://marketplace.visualstudio.com/items?itemName=Prisma.prisma",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a project that has a .vscode/settings.json file that sets a value for \"prismaFmtBinPath\". That custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:prisma:language-tools:*:*:*:*:*:visual_studio_code:*:*",
          "versionEndExcluding" : "2.20.0:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T17:15Z",
    "lastModifiedDate" : "2021-05-09T02:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30234",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection7.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection7.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:25Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30233",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection8.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection8.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-06T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30232",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection6.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection6.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-06T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30231",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection4.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection4.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30230",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection5.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection5.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30229",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection3.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection3.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30228",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "name" : "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection2.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection2.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30227",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/emlog/emlog/issues/79",
          "name" : "https://github.com/emlog/emlog/issues/79",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:emlog:emlog:6.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-03T18:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29350",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/XD-519/Doc/blob/main/sql%20injection.md",
          "name" : "https://github.com/XD-519/Doc/blob/main/sql%20injection.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:shipment_100-design_material_download_system_project:shipment_100-design_material_download_system:1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-09T02:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25812",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zhipinmall.com/prodetail?id=1266#skuId=3020",
          "name" : "https://www.zhipinmall.com/prodetail?id=1266#skuId=3020",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection.md",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://iot.10086.cn/?l=en-us",
          "name" : "http://iot.10086.cn/?l=en-us",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25811",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.mercusys.com/en/",
          "name" : "https://www.mercusys.com/en/",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.mercurycom.com.cn/product-521-1.html",
          "name" : "https://www.mercurycom.com.cn/product-521-1.html",
          "refsource" : "MISC",
          "tags" : [ "Product", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Denial%20of%20Service.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Denial%20of%20Service.md",
          "refsource" : "MISC",
          "tags" : [ "Broken Link" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mercusys:mercury_x18g_firmware:1.0.5:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mercusys:mercury_x18g:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.8
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-08T04:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25810",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.mercusys.com/en/",
          "name" : "https://www.mercusys.com/en/",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.mercurycom.com.cn/product-521-1.html",
          "name" : "https://www.mercurycom.com.cn/product-521-1.html",
          "refsource" : "MISC",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Stored%20XSS.md",
          "name" : "https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Stored%20XSS.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mercusys:mercury_x18g_firmware:1.0.5:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mercusys:mercury_x18g:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-05T20:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20294",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1943533",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1943533",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=26929",
          "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=26929",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.35.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-09T01:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20228",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          }, {
            "lang" : "en",
            "value" : "CWE-522"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925002",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925002",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/ansible/ansible/pull/73487",
          "name" : "https://github.com/ansible/ansible/pull/73487",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible_engine:2.9.18:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible_engine:2.9:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T16:15Z",
    "lastModifiedDate" : "2021-05-03T20:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30224",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760",
          "name" : "https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        }, {
          "url" : "https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2",
          "name" : "https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:rukovoditel:rukovoditel:2.8.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-03T18:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30219",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655",
          "name" : "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/michaelforney/samurai/issues/68",
          "name" : "https://github.com/michaelforney/samurai/issues/68",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:samurai_project:samurai:1.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-03T18:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30218",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918",
          "name" : "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/michaelforney/samurai/issues/67",
          "name" : "https://github.com/michaelforney/samurai/issues/67",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:samurai_project:samurai:1.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-03T18:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30027",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-908"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19",
          "name" : "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/mity/md4c/issues/155",
          "name" : "https://github.com/mity/md4c/issues/155",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:md4c_project:md4c:0.4.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-09T01:25Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28280",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://anotepad.com/notes/2skndayt",
          "name" : "https://anotepad.com/notes/2skndayt",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b",
          "name" : "https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd",
          "name" : "https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6",
          "name" : "https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c",
          "name" : "https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-08T04:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27651",
        "ASSIGNER" : "security@pega.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          }, {
            "lang" : "en",
            "value" : "CWE-640"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix",
          "name" : "https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.2.1",
          "versionEndIncluding" : "8.5.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-03T19:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20095",
        "ASSIGNER" : "vulnreport@tenable.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.tenable.com/security/research/tra-2021-14",
          "name" : "https://www.tenable.com/security/research/tra-2021-14",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKXUEWVKU5WASYSAFXQP6SFSDOG773RV/",
          "name" : "FEDORA-2021-7e2a143808",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MORYINYUSYI6XLC4UKPRGGFD2WMO7GSM/",
          "name" : "FEDORA-2021-a499f89369",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pocoo:babel:2.9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-09T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20092",
        "ASSIGNER" : "vulnreport@tenable.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.tenable.com/security/research/tra-2021-13",
          "name" : "https://www.tenable.com/security/research/tra-2021-13",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.02",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.24",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20091",
        "ASSIGNER" : "vulnreport@tenable.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.tenable.com/security/research/tra-2021-13",
          "name" : "https://www.tenable.com/security/research/tra-2021-13",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.02",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.24",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-05T18:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20090",
        "ASSIGNER" : "vulnreport@tenable.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.tenable.com/security/research/tra-2021-13",
          "name" : "https://www.tenable.com/security/research/tra-2021-13",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.02",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.24",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-08T04:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22002",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172839",
          "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172839",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:inim:smartliving_505_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:inim:smartliving_505:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:inim:smartliving_515_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:inim:smartliving_515:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:inim:smartliving_1050_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:inim:smartliving_1050:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:inim:smartliving_1050g3_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:inim:smartliving_1050g3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:inim:smartliving_10100l_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:inim:smartliving_10100l:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:inim:smartliving_10100lg3_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:inim:smartliving_10100lg3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-05T17:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-21997",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/47596",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:smartwares:home_easy_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.0.9",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:smartwares:home_easy:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T15:15Z",
    "lastModifiedDate" : "2021-05-05T20:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29141",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T14:15Z",
    "lastModifiedDate" : "2021-05-07T15:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29139",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:6.7.14:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.9.0",
          "versionEndExcluding" : "6.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T14:15Z",
    "lastModifiedDate" : "2021-05-07T14:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-21990",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/47824",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:domoticz:mydomoathome:0.240:*:*:*:*:node.js:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T14:15Z",
    "lastModifiedDate" : "2021-05-08T04:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29142",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:6.7.14:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.9.0",
          "versionEndExcluding" : "6.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:17Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29140",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.13",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29138",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-522"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T13:15Z",
    "lastModifiedDate" : "2021-05-07T15:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29147",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:6.7.14:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.9.0",
          "versionEndExcluding" : "6.9.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T12:15Z",
    "lastModifiedDate" : "2021-05-07T21:48Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29146",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:6.7.14:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.9.0",
          "versionEndExcluding" : "6.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T12:15Z",
    "lastModifiedDate" : "2021-05-07T21:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29145",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.9.0",
          "versionEndExcluding" : "6.9.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T12:15Z",
    "lastModifiedDate" : "2021-05-10T14:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29144",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T12:15Z",
    "lastModifiedDate" : "2021-05-10T14:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29137",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-601"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T12:15Z",
    "lastModifiedDate" : "2021-05-03T20:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25167",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T11:15Z",
    "lastModifiedDate" : "2021-05-03T21:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25166",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T11:15Z",
    "lastModifiedDate" : "2021-05-03T21:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25163",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T11:15Z",
    "lastModifiedDate" : "2021-05-03T23:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31879",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-601"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html",
          "name" : "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.21.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-29T05:15Z",
    "lastModifiedDate" : "2021-05-06T21:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25216",
        "ASSIGNER" : "security-officer@isc.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.isc.org/v1/docs/cve-2021-25215",
          "name" : "https://kb.isc.org/v1/docs/cve-2021-25215",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/1",
          "name" : "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/2",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/3",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/4",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4909",
          "name" : "DSA-4909",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html",
          "name" : "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-04-29T01:15Z",
    "lastModifiedDate" : "2021-05-04T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25215",
        "ASSIGNER" : "security-officer@isc.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-617"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.isc.org/v1/docs/cve-2021-25215",
          "name" : "https://kb.isc.org/v1/docs/cve-2021-25215",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/1",
          "name" : "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/2",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/3",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/4",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4909",
          "name" : "DSA-4909",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html",
          "name" : "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/",
          "name" : "FEDORA-2021-ace61cbee1",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/",
          "name" : "FEDORA-2021-47f23870ec",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
          "versionStartIncluding" : "9.0.0",
          "versionEndExcluding" : "9.11.31",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.11.29:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
          "versionStartIncluding" : "9.12.0",
          "versionEndExcluding" : "9.16.15",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
          "versionStartIncluding" : "9.17.0",
          "versionEndExcluding" : "9.17.12",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T01:15Z",
    "lastModifiedDate" : "2021-05-09T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25214",
        "ASSIGNER" : "security-officer@isc.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.isc.org/v1/docs/cve-2021-25214",
          "name" : "https://kb.isc.org/v1/docs/cve-2021-25214",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/1",
          "name" : "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/2",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/3",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/29/4",
          "name" : "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4909",
          "name" : "DSA-4909",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html",
          "name" : "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/",
          "name" : "FEDORA-2021-ace61cbee1",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/",
          "name" : "FEDORA-2021-47f23870ec",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ ]
    },
    "impact" : { },
    "publishedDate" : "2021-04-29T01:15Z",
    "lastModifiedDate" : "2021-05-09T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21414",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/prisma/prisma/pull/6245",
          "name" : "https://github.com/prisma/prisma/pull/6245",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/prisma/prisma/security/advisories/GHSA-pxcc-hj8w-fmm7",
          "name" : "https://github.com/prisma/prisma/security/advisories/GHSA-pxcc-hj8w-fmm7",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:prisma:prisma:*:*:*:*:*:node.js:*:*",
          "versionEndExcluding" : "2.20.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-29T01:15Z",
    "lastModifiedDate" : "2021-05-08T03:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2321",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.1.20",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T22:15Z",
    "lastModifiedDate" : "2021-05-07T15:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29483",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv",
          "name" : "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-jmc9-rv2f-g8vv",
          "refsource" : "CONFIRM",
          "tags" : [ "Mitigation", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://phabricator.miraheze.org/T7213",
          "name" : "https://phabricator.miraheze.org/T7213",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304",
          "name" : "https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2021-04-28",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T22:15Z",
    "lastModifiedDate" : "2021-05-08T02:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-7038",
        "ASSIGNER" : "securityalerts@avaya.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.avaya.com/css/P8/documents/101075574",
          "name" : "https://support.avaya.com/css/P8/documents/101075574",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:avaya:equinox_conferencing:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.0.0",
          "versionEndExcluding" : "9.1.11",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T22:15Z",
    "lastModifiedDate" : "2021-05-08T02:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-7037",
        "ASSIGNER" : "securityalerts@avaya.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.avaya.com/css/P8/documents/101075574",
          "name" : "https://support.avaya.com/css/P8/documents/101075574",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:avaya:equinox_conferencing:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.0.0",
          "versionEndExcluding" : "9.1.11",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T22:15Z",
    "lastModifiedDate" : "2021-05-07T01:22Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22790",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/",
          "name" : "https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:safe:fme_server:2019.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:safe:fme_server:2020.0:beta:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-07T02:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22789",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/",
          "name" : "https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:safe:fme_server:2019.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:safe:fme_server:2020.0:beta:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-07T02:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22785",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-770"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ether/etherpad-lite/pull/3833",
          "name" : "https://github.com/ether/etherpad-lite/pull/3833",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.8.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-05T19:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22784",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ether/ueberDB/commit/e8b58d03534ade8d83c2d1946a8350a23952531e",
          "name" : "https://github.com/ether/ueberDB/commit/e8b58d03534ade8d83c2d1946a8350a23952531e",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:etherpad:ueberdb:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.4.8",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-06T22:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22783",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-312"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ether/etherpad-lite/issues/3421",
          "name" : "https://github.com/ether/etherpad-lite/issues/3421",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/ether/etherpad-lite/commit/53f126082a8b3d094e48b159f0f0bc8a5db4b2f4",
          "name" : "https://github.com/ether/etherpad-lite/commit/53f126082a8b3d094e48b159f0f0bc8a5db4b2f4",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.8.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-05T19:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22782",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ether/etherpad-lite/issues/3825",
          "name" : "https://github.com/ether/etherpad-lite/issues/3825",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.8.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-05T20:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22781",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ether/etherpad-lite/issues/3502",
          "name" : "https://github.com/ether/etherpad-lite/issues/3502",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.8.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T21:15Z",
    "lastModifiedDate" : "2021-05-05T20:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25165",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T20:15Z",
    "lastModifiedDate" : "2021-05-07T02:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25164",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T20:15Z",
    "lastModifiedDate" : "2021-05-07T02:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29482",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27",
          "name" : "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b",
          "name" : "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:xz_project:xz:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.5.8",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T19:15Z",
    "lastModifiedDate" : "2021-05-07T01:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25154",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 6.8,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T19:15Z",
    "lastModifiedDate" : "2021-05-05T20:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25153",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T19:15Z",
    "lastModifiedDate" : "2021-05-05T20:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25151",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T19:15Z",
    "lastModifiedDate" : "2021-05-07T02:36Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23364",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98",
          "name" : "https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/browserslist/browserslist/pull/593",
          "name" : "https://github.com/browserslist/browserslist/pull/593",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474",
          "name" : "https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474",
          "refsource" : "MISC",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194",
          "name" : "https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:browserslist_project:browserslist:*:*:*:*:*:node.js:*:*",
          "versionStartIncluding" : "4.0.0",
          "versionEndExcluding" : "4.16.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T16:15Z",
    "lastModifiedDate" : "2021-05-05T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18022",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/hpj233/qibocms/blob/master/v7",
          "name" : "https://github.com/hpj233/qibocms/blob/master/v7",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the \"ewebeditor\\3.1.1\\kindeditor.js\" component."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:qibosoft:qibocms:v7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T16:15Z",
    "lastModifiedDate" : "2021-05-10T14:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-17999",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/bg5sbk/MiniCMS/issues/27",
          "name" : "https://github.com/bg5sbk/MiniCMS/issues/27",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component \"/mc-admin/post-edit.php\"."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:1234n:minicms:1.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T16:15Z",
    "lastModifiedDate" : "2021-05-05T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25147",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "8.2.12.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T15:15Z",
    "lastModifiedDate" : "2021-05-08T03:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-7123",
        "ASSIGNER" : "security-alert@hpe.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.7.0",
          "versionEndExcluding" : "6.7.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.8.0",
          "versionEndExcluding" : "6.8.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T15:15Z",
    "lastModifiedDate" : "2021-05-06T22:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-21993",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://cxsecurity.com/issue/WLB-2020010032",
          "name" : "https://cxsecurity.com/issue/WLB-2020010032",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wems:enterprise_manager:2.19.7959:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wems:enterprise_manager:2.55.8782:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wems:enterprise_manager:2.55.8806:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wems:enterprise_manager:2.58.8903:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T15:15Z",
    "lastModifiedDate" : "2021-05-05T20:25Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3508",
        "ASSIGNER" : "security@elastic.co"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1951198",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1951198",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/enferex/pdfresurrect/issues/17",
          "name" : "https://github.com/enferex/pdfresurrect/issues/17",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pdfresurrect_project:pdfresurrect:0.22b:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T14:15Z",
    "lastModifiedDate" : "2021-05-05T20:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29388",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.sourcecodester.com/php/14403/budget-management-system.html",
          "name" : "https://www.sourcecodester.com/php/14403/budget-management-system.html",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/49723",
          "name" : "https://www.exploit-db.com/exploits/49723",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:budget_management_system_project:budget_management_system:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T14:15Z",
    "lastModifiedDate" : "2021-05-05T20:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29387",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/49722",
          "name" : "https://www.exploit-db.com/exploits/49722",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.sourcecodester.com/php/11327/equipment-inventory.html",
          "name" : "https://www.sourcecodester.com/php/11327/equipment-inventory.html",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any \"Add\" sections, such as Add Item , Employee and Position or others in the Name Parameters."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:equipment_inventory_system_project:equipment_inventory_system:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T14:15Z",
    "lastModifiedDate" : "2021-05-05T20:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29159",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base",
          "name" : "https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.sonatype.com/hc/en-us/articles/1500005031082",
          "name" : "https://support.sonatype.com/hc/en-us/articles/1500005031082",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.23.0",
          "versionEndExcluding" : "3.30.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T14:15Z",
    "lastModifiedDate" : "2021-05-05T20:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18020",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitee.com/koyshe/phpshe/issues/IQ8S8",
          "name" : "https://gitee.com/koyshe/phpshe/issues/IQ8S8",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the \"user_phone\" parameter of a crafted HTTP request to the \"admin.php\" component."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:phpshe:mall_system:1.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T14:15Z",
    "lastModifiedDate" : "2021-05-05T20:25Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-18019",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/si1ence90/xinhu1.8.3_SqlInject",
          "name" : "https://github.com/si1ence90/xinhu1.8.3_SqlInject",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the \"typeid\" variable of the \"createfolderAjax\" function in the \"mode_worcAction.php\" component."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:xinfu:oa_system:1.8.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T14:15Z",
    "lastModifiedDate" : "2021-05-05T20:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22332",
        "ASSIGNER" : "psirt@huawei.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-415"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en",
          "name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T13:15Z",
    "lastModifiedDate" : "2021-05-08T02:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22331",
        "ASSIGNER" : "psirt@huawei.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-74"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en",
          "name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "10.1.0.165\\(c01e165r2p11\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.118\\(c635e2r1p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.120\\(c00e120r2p5\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.138\\(c10e4r5p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.138\\(c185e4r7p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.138\\(c432e8r2p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.138\\(c461e4r3p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.138\\(c605e4r1p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "11.0.0.138\\(c636e4r3p3\\)",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T13:15Z",
    "lastModifiedDate" : "2021-05-08T03:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22514",
        "ASSIGNER" : "security@microfocus.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-94"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://softwaresupport.softwaregrp.com/doc/KM03806649",
          "name" : "https://softwaresupport.softwaregrp.com/doc/KM03806649",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T12:15Z",
    "lastModifiedDate" : "2021-05-08T02:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22393",
        "ASSIGNER" : "psirt@huawei.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en",
          "name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T12:15Z",
    "lastModifiedDate" : "2021-05-08T03:14Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22330",
        "ASSIGNER" : "psirt@huawei.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en",
          "name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:9.1.0.131\\(c00e130r1p21\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.5,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T12:15Z",
    "lastModifiedDate" : "2021-05-08T02:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22327",
        "ASSIGNER" : "psirt@huawei.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en",
          "name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.186\\(c10e7r5p1\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.186\\(c461e4r3p1\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.188\\(c00e85r2p11\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.188\\(c01e88r2p11\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.188\\(c605e19r1p3\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c185e4r7p1\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c431e22r2p5\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c432e22r2p5\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c605e19r1p3\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.190\\(c636e4r3p4\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:huawei:p30_firmware:10.0.0.192\\(c635e3r2p4\\):*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T12:15Z",
    "lastModifiedDate" : "2021-05-08T04:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30169",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "name" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4679-d308c-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4679-d308c-1.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "name" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "name" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T10:15Z",
    "lastModifiedDate" : "2021-05-07T19:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30168",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "name" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4678-aad70-1.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "name" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "name" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T10:15Z",
    "lastModifiedDate" : "2021-05-07T19:20Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30167",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-522"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "name" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable" ]
        }, {
          "url" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "name" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "name" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T10:15Z",
    "lastModifiedDate" : "2021-05-07T19:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30166",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "name" : "https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html",
          "name" : "https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "name" : "https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "name" : "https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6852e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6852e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6552e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6552e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6352ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6352ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3052ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3052ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1052_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1052:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r8822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r8822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6822e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6822e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6522e4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6522e4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r6322ae4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r6322ae4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2r3022ae2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2r3022ae2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p2g1022x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p2g1022x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8852ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8852ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8152x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8152x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8052ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8052ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6552x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6552x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6452ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6452ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8822ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8822ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8122x2-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8122x2-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r8022ex25_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r8022ex25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z2r6422ax-p_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z2r6422ax-p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6322e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6322e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r6522e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r6522e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:p3r8822e2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:p3r8822e2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6422x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6422x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r6522x_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r6522x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:meritlilin:z3r8922x3_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.1.94.8908",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:meritlilin:z3r8922x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T10:15Z",
    "lastModifiedDate" : "2021-05-05T20:36Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31866",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-203"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.redmine.org/news/131",
          "name" : "https://www.redmine.org/news/131",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.0.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.1.0",
          "versionEndExcluding" : "4.1.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-10T14:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31865",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.redmine.org/news/131",
          "name" : "https://www.redmine.org/news/131",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.0.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.1.0",
          "versionEndExcluding" : "4.1.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.2.0",
          "versionEndExcluding" : "4.2.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-10T15:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31864",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.redmine.org/news/131",
          "name" : "https://www.redmine.org/news/131",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.0.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.1.0",
          "versionEndExcluding" : "4.1.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.2.0",
          "versionEndExcluding" : "4.2.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-10T15:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31863",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.redmine.org/news/131",
          "name" : "https://www.redmine.org/news/131",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.0.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.1.0",
          "versionEndExcluding" : "4.1.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.2.0",
          "versionEndExcluding" : "4.2.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-10T15:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31779",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-006",
          "name" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-006",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:typo3:*:*",
          "versionEndExcluding" : "7.2.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.1,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-07T16:17Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31778",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-004",
          "name" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-004",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:media2click_project:media2click:*:*:*:*:*:typo3:*:*",
          "versionStartIncluding" : "1.0.0",
          "versionEndExcluding" : "1.3.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-07T15:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31777",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-005",
          "name" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-005",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://excellium-services.com/cert-xlm-advisory/",
          "name" : "https://excellium-services.com/cert-xlm-advisory/",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html",
          "name" : "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dynamic_content_element_project:dynamic_content_element:*:*:*:*:*:typo3:*:*",
          "versionStartIncluding" : "2.2.0",
          "versionEndExcluding" : "2.6.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dynamic_content_element_project:dynamic_content_element:*:*:*:*:*:typo3:*:*",
          "versionStartIncluding" : "2.7.0",
          "versionEndExcluding" : "2.7.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T07:15Z",
    "lastModifiedDate" : "2021-05-07T15:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31856",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://meshery.io",
          "name" : "https://meshery.io",
          "refsource" : "MISC",
          "tags" : [ "Product", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/layer5io/meshery/pull/2745",
          "name" : "https://github.com/layer5io/meshery/pull/2745",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:layer5:meshery:0.5.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T06:15Z",
    "lastModifiedDate" : "2021-05-06T21:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36326",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
          "name" : "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.1.8",
          "versionEndIncluding" : "6.4.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T03:15Z",
    "lastModifiedDate" : "2021-05-07T17:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31815",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-319"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt",
          "name" : "https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Press/Media Coverage", "Third Party Advisory" ]
        }, {
          "url" : "https://blog.appcensus.io/2021/04/27/why-google-should-stop-logging-contact-tracing-data/",
          "name" : "https://blog.appcensus.io/2021/04/27/why-google-should-stop-logging-contact-tracing-data/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment \"began several weeks ago and will be complete in the coming days.\""
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:google\\/apple_exposure_notifications:*:*:*:*:*:android:*:*",
          "versionEndIncluding" : "2021-04-27",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T02:15Z",
    "lastModifiedDate" : "2021-05-07T18:28Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20716",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.buffalo.jp/news/detail/20210427-02.html",
          "name" : "https://www.buffalo.jp/news/detail/20210427-02.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://jvn.jp/en/vu/JVNVU90274525/index.html",
          "name" : "https://jvn.jp/en/vu/JVNVU90274525/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:bhr-4rv_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.55",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:bhr-4rv:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:fs-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.04",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:fs-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wbr2-b11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.32",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wbr2-b11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wbr2-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.32",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wbr2-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wbr2-g54-kd_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.32",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wbr2-g54-kd:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wbr-b11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.23",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wbr-b11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wbr-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.23",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wbr-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wbr-g54l_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wbr-g54l:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:whr2-a54g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.25",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:whr2-a54g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:whr2-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.23",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:whr2-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:whr2-g54v_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.55",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:whr2-g54v:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:whr3-ag54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.23",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:whr3-ag54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:whr-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.16",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:whr-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:whr-g54-nf_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.10",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:whr-g54-nf:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wla2-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.24",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wla2-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wla2-g54c_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.24",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wla2-g54c:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wla-b11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wla-b11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wla-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wla-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wla-g54c_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wla-g54c:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wlah-a54g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.54",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wlah-a54g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wlah-am54g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.54",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wlah-am54g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wlah-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.54",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wlah-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli2-tx1-ag54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.53",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli2-tx1-ag54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli2-tx1-amg54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.53",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli2-tx1-amg54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli2-tx1-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli2-tx1-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli3-tx1-amg54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.53",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli3-tx1-amg54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli3-tx1-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.53",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli3-tx1-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli-t1-b11_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli-t1-b11:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wli-tx1-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.20",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wli-tx1-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wvr-g54-nf_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.02",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wvr-g54-nf:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wzr-g108_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.41",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wzr-g108:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wzr-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.41",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wzr-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wzr-hp-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.41",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wzr-hp-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wzr-rs-g54_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.55",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wzr-rs-g54:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:buffalo:wzr-rs-g54hp_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.55",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:buffalo:wzr-rs-g54hp:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-28T01:15Z",
    "lastModifiedDate" : "2021-05-07T17:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29476",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54",
          "name" : "https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/rmccue/Requests/pull/421",
          "name" : "https://github.com/rmccue/Requests/pull/421",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wordpress:requests:1.6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wordpress:requests:1.6.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wordpress:requests:1.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T21:15Z",
    "lastModifiedDate" : "2021-05-07T03:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29472",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-94"
          }, {
            "lang" : "en",
            "value" : "CWE-88"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://getcomposer.org/",
          "name" : "https://getcomposer.org/",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx",
          "name" : "https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4907",
          "name" : "DSA-4907",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.10.22",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.0",
          "versionEndExcluding" : "2.0.13",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T21:15Z",
    "lastModifiedDate" : "2021-05-07T22:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29442",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-306"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/alibaba/nacos/issues/4463",
          "name" : "https://github.com/alibaba/nacos/issues/4463",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/alibaba/nacos/pull/4517",
          "name" : "https://github.com/alibaba/nacos/pull/4517",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/advisories/GHSA-36hp-jr8h-556f",
          "name" : "https://github.com/advisories/GHSA-36hp-jr8h-556f",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.4.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T21:15Z",
    "lastModifiedDate" : "2021-05-07T15:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29441",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-290"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/alibaba/nacos/issues/4701",
          "name" : "https://github.com/alibaba/nacos/issues/4701",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/advisories/GHSA-36hp-jr8h-556f",
          "name" : "https://github.com/advisories/GHSA-36hp-jr8h-556f",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/alibaba/nacos/pull/4703",
          "name" : "https://github.com/alibaba/nacos/pull/4703",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.4.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T21:15Z",
    "lastModifiedDate" : "2021-05-07T23:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30128",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Mitigation", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Mitigation", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbe512e5ccd6b11169c6379daa1234bc805f3d53c5a38224e956295ce@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb82f41de3c44bb644632531f79649046ca76afeab25a2bdb9991ab84@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12221) Fixed ObjectInputStream denyList [CVE-2021-30128]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cuser.ofbiz.apache.org%3E",
          "name" : "[ofbiz-user] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Mitigation", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/27/5",
          "name" : "[oss-security] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Mitigation", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache OFBiz has unsafe deserialization prior to 17.12.07 version"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "17.12.07",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T20:15Z",
    "lastModifiedDate" : "2021-05-07T15:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29460",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/getkirby/kirby/security/advisories/GHSA-qgp4-5qx6-548g",
          "name" : "https://github.com/getkirby/kirby/security/advisories/GHSA-qgp4-5qx6-548g",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/getkirby/kirby/releases/tag/3.5.4",
          "name" : "https://github.com/getkirby/kirby/releases/tag/3.5.4",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162359/Kirby-CMS-3.5.3.1-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162359/Kirby-CMS-3.5.3.1-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests to Kirby's API with the permissions of the victim. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. Visitors without Panel access can only use this attack vector if your site allows SVG file uploads in frontend forms and you don't already sanitize uploaded SVG files. The problem has been patched in Kirby 3.5.4. Please update to this or a later version to fix the vulnerability. Frontend upload forms need to be patched separately depending on how they store the uploaded file(s). If you use `File::create()`, you are protected by updating to 3.5.4+. As a work around you can disable the upload of SVG files in your file blueprints."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.5.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T20:15Z",
    "lastModifiedDate" : "2021-05-07T22:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29200",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097%40%3Cdev.ofbiz.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097%40%3Cdev.ofbiz.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r708351f1a8af7adb887cc3d8a92bed8fcbff4a9e495e69a9ee546fda@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12216) Fixed UtilObject class [CVE-2021-29200]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097@%3Cuser.ofbiz.apache.org%3E",
          "name" : "[ofbiz-user] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/27/4",
          "name" : "[oss-security] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "17.12.07",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T20:15Z",
    "lastModifiedDate" : "2021-05-06T21:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21429",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-552"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/OpenAPITools/openapi-generator/pull/8795",
          "name" : "https://github.com/OpenAPITools/openapi-generator/pull/8795",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv",
          "name" : "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:openapi-generator:openapi_generator:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "5.1.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T20:15Z",
    "lastModifiedDate" : "2021-05-07T20:17Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21365",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b",
          "name" : "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx",
          "name" : "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-007",
          "name" : "https://typo3.org/security/advisory/typo3-ext-sa-2021-007",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "7.1.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndExcluding" : "8.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.0.0",
          "versionEndExcluding" : "9.0.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.1.0",
          "versionEndExcluding" : "9.1.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.0.0",
          "versionEndExcluding" : "10.0.10",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0.0",
          "versionEndExcluding" : "11.0.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T20:15Z",
    "lastModifiedDate" : "2021-05-07T01:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30638",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/27/3",
          "name" : "[oss-security] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-491/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-491/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.4.0",
          "versionEndExcluding" : "5.6.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndExcluding" : "5.7.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T19:15Z",
    "lastModifiedDate" : "2021-05-06T21:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22001",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/47807",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5557.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5557.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:25Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-22000",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          }, {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5560.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5560.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/47809",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.0,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.1,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 8.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 6.8,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:05Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-21998",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-601"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://cxsecurity.com/issue/WLB-2019120132",
          "name" : "https://cxsecurity.com/issue/WLB-2019120132",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-21989",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/47808",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5558.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5558.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:05Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29667",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-1236"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6447107",
          "name" : "https://www.ibm.com/support/pages/node/6447107",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199403",
          "name" : "ibm-spectrum-cve202129667-csv-injection (199403)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "5.0.0:",
            "versionEndIncluding" : "5.0.5.6:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "5.1.0:",
            "versionEndIncluding" : "5.1.0.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T17:15Z",
    "lastModifiedDate" : "2021-05-05T20:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29666",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199400",
          "name" : "ibm-spectrum-cve202129666-xss (199400)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6447107",
          "name" : "https://www.ibm.com/support/pages/node/6447107",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "5.0.0:",
            "versionEndIncluding" : "5.0.5.6:",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "5.1.0:",
            "versionEndIncluding" : "5.1.0.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T17:15Z",
    "lastModifiedDate" : "2021-05-07T21:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20550",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199168",
          "name" : "ibm-cn-cve202120550-xss (199168)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        }, {
          "url" : "https://www.ibm.com/support/pages/node/6447143",
          "name" : "https://www.ibm.com/support/pages/node/6447143",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:continuous_delivery:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T17:15Z",
    "lastModifiedDate" : "2021-05-03T18:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20549",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6447143",
          "name" : "https://www.ibm.com/support/pages/node/6447143",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199167",
          "name" : "ibm-cn-cve202120549-xss (199167)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:continuous_delivery:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T17:15Z",
    "lastModifiedDate" : "2021-05-03T18:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20448",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6447139",
          "name" : "https://www.ibm.com/support/pages/node/6447139",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196624",
          "name" : "ibm-cn-cve202120448-xss (196624)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:continuous_delivery:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T17:15Z",
    "lastModifiedDate" : "2021-05-03T18:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-4981",
        "ASSIGNER" : "psirt@us.ibm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.ibm.com/support/pages/node/6447077",
          "name" : "https://www.ibm.com/support/pages/node/6447077",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192541",
          "name" : "ibm-spectrum-cve20204981-file-write (192541)",
          "refsource" : "XF",
          "tags" : [ "VDB Entry", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.0.4.1",
          "versionEndIncluding" : "5.1.0.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T17:15Z",
    "lastModifiedDate" : "2021-05-03T23:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3464",
        "ASSIGNER" : "psirt@lenovo.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-427"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://iknow.lenovo.com.cn/detail/dc_196156.html",
          "name" : "https://iknow.lenovo.com.cn/detail/dc_196156.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:lenovo:pcmanager:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.0.400.3252",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T16:15Z",
    "lastModifiedDate" : "2021-05-06T12:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3451",
        "ASSIGNER" : "psirt@lenovo.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-276"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://iknow.lenovo.com.cn/detail/dc_196156.html",
          "name" : "https://iknow.lenovo.com.cn/detail/dc_196156.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:lenovo:pcmanager:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.0.400.3252",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T16:15Z",
    "lastModifiedDate" : "2021-05-06T12:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30642",
        "ASSIGNER" : "secure@symantec.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA17969",
          "name" : "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA17969",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:symantec:security_analytics:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.2",
          "versionEndExcluding" : "7.2.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:symantec:security_analytics:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.1",
          "versionEndExcluding" : "8.1.3-nsr3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:symantec:security_analytics:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.2",
          "versionEndExcluding" : "8.2.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T15:15Z",
    "lastModifiedDate" : "2021-05-07T16:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28269",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5634.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5634.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/49679",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:soyal:701client:9.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T15:15Z",
    "lastModifiedDate" : "2021-05-07T16:20Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28271",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-276"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exploit-db.com/exploits/49678",
          "name" : "Exploit Database",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.zeroscience.mk/en/vulnerabilities",
          "name" : "https://www.zeroscience.mk/en/vulnerabilities",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:soyal:701client:9.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T13:15Z",
    "lastModifiedDate" : "2021-05-07T16:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22660",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-05",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-05",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-445/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-445/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-446/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-446/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-509/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-509/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:criticalmanufacturing:cncsoft-b:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.0.0.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T13:15Z",
    "lastModifiedDate" : "2021-05-07T16:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27480",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-121"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:deltaww:industrial_automation_commgr:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.12:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T12:15Z",
    "lastModifiedDate" : "2021-05-07T16:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35542",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=61",
          "name" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=61",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:unisys:data_exchange_management_studio:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "5.0.34",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T11:15Z",
    "lastModifiedDate" : "2021-05-06T16:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28125",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-601"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E",
          "name" : "[superset-dev] 20210427 CVE-2021-28125: Apache Superset Open Redirect",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/27/2",
          "name" : "[oss-security] 20210427 CVE-2021-28125: Apache Superset Open Redirect",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.0.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T10:15Z",
    "lastModifiedDate" : "2021-05-07T17:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-17517",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-862"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ozone:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.1.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T09:15Z",
    "lastModifiedDate" : "2021-05-07T17:53Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20715",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/en/jp/JVN97434260/index.html",
          "name" : "https://jvn.jp/en/jp/JVN97434260/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:recruit-holdings:hot_pepper_gourmet:*:*:*:*:*:android:*:*",
          "versionEndIncluding" : "4.111.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:recruit-holdings:hot_pepper_gourmet:*:*:*:*:*:iphone_os:*:*",
          "versionEndIncluding" : "4.111.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T13:48Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20714",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.wpfastestcache.com/",
          "name" : "https://www.wpfastestcache.com/",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://wordpress.org/plugins/wp-fastest-cache/",
          "name" : "https://wordpress.org/plugins/wp-fastest-cache/",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        }, {
          "url" : "https://jvn.jp/en/jp/JVN35240327/index.html",
          "name" : "https://jvn.jp/en/jp/JVN35240327/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*",
          "versionEndExcluding" : "0.9.1.7",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-06T16:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25042",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25041",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-617"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25040",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25039",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25038",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25037",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-617"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25036",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-617"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25035",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25034",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25033",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25032",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25031",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-74"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "name" : "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
          "refsource" : "MISC",
          "tags" : [ "Not Applicable", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.9.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T06:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31826",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://issues.shibboleth.net/jira/browse/SSPCPP-927",
          "name" : "https://issues.shibboleth.net/jira/browse/SSPCPP-927",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://bugs.debian.org/987608",
          "name" : "https://bugs.debian.org/987608",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec",
          "name" : "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://shibboleth.net/community/advisories/secadv_20210426.txt",
          "name" : "https://shibboleth.net/community/advisories/secadv_20210426.txt",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4905",
          "name" : "DSA-4905",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "3.2.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T04:15Z",
    "lastModifiedDate" : "2021-05-07T17:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31671",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-319"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/ankane/pgsync/issues/121",
          "name" : "https://github.com/ankane/pgsync/issues/121",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pgsync_project:pgsync:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.6.7",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T03:15Z",
    "lastModifiedDate" : "2021-05-04T00:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30635",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.sonatype.com/hc/en-us/articles/1500006879561",
          "name" : "https://support.sonatype.com/hc/en-us/articles/1500006879561",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0",
          "versionEndExcluding" : "3.30.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T03:15Z",
    "lastModifiedDate" : "2021-05-04T00:17Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30165",
        "ASSIGNER" : "cve@cert.org.tw"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.twcert.org.tw/tw/cp-132-4670-359c8-1.html",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:edimax:ic-3140w_firmware:3.11:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:edimax:ic-3140w:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-27T03:15Z",
    "lastModifiedDate" : "2021-05-07T17:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29474",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          }, {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87",
          "name" : "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to findNote() utility function, that will pass it on the the parseNoteId()-function, that tries to make sense out of the noteId/alias and check if a note already exists and if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which pass this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observes changes to them. The usefulness of this attack can be considered limited, since mainly markdown files are use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:hedgedoc:hedgedoc:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.8.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T22:15Z",
    "lastModifiedDate" : "2021-05-07T18:36Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31784",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.opendesign.com/security-advisories",
          "name" : "https://www.opendesign.com/security-advisories",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2021.6",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T19:15Z",
    "lastModifiedDate" : "2021-05-04T00:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31783",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-345"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://piwigo.org/ext/index.php?cid=null",
          "name" : "https://piwigo.org/ext/index.php?cid=null",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Piwigo/LocalFilesEditor/issues/2",
          "name" : "https://github.com/Piwigo/LocalFilesEditor/issues/2",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b",
          "name" : "https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:piwigo:localfiles_editor:*:*:*:*:*:piwigo:*:*",
          "versionEndExcluding" : "11.4.0.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T19:15Z",
    "lastModifiedDate" : "2021-05-04T00:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31646",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-307"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.10&type=patch",
          "name" : "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.10&type=patch",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html",
          "name" : "https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Third Party Advisory" ]
        }, {
          "url" : "https://gestsup.fr/index.php?page=download",
          "name" : "https://gestsup.fr/index.php?page=download",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gestsup:gestsup:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.2.10",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T19:15Z",
    "lastModifiedDate" : "2021-05-04T00:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29473",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Exiv2/exiv2/security/policy",
          "name" : "https://github.com/Exiv2/exiv2/security/policy",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2",
          "name" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/github/advisory-review/pull/1587",
          "name" : "https://github.com/github/advisory-review/pull/1587",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/",
          "name" : "FEDORA-2021-10d7331a31",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM/",
          "name" : "FEDORA-2021-2d860da728",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBKWLTXM7IKZ4PVGKLUQVAVFAYGGF7QR/",
          "name" : "FEDORA-2021-96a5dabcfa",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.27.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 2.5,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.0,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 4.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T19:15Z",
    "lastModifiedDate" : "2021-05-10T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22669",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "9.0.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T19:15Z",
    "lastModifiedDate" : "2021-05-07T18:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36325",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/akheron/jansson/issues/548",
          "name" : "https://github.com/akheron/jansson/issues/548",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:jansson_project:jansson:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "2.13.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T18:15Z",
    "lastModifiedDate" : "2021-05-04T14:51Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21220",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          }, {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1196683",
          "name" : "https://crbug.com/1196683",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162437/Google-Chrome-XOR-Typer-Out-Of-Bounds-Access-Remote-Code-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162437/Google-Chrome-XOR-Typer-Out-Of-Bounds-Access-Remote-Code-Execution.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "89.0.4389.128",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T17:15Z",
    "lastModifiedDate" : "2021-05-03T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21204",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://crbug.com/1189926",
          "name" : "https://crbug.com/1189926",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4906",
          "name" : "DSA-4906",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "90.0.4430.72",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T17:15Z",
    "lastModifiedDate" : "2021-05-03T18:17Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21203",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1192054",
          "name" : "https://crbug.com/1192054",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4906",
          "name" : "DSA-4906",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.72",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T17:15Z",
    "lastModifiedDate" : "2021-05-03T19:48Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21202",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://crbug.com/1188889",
          "name" : "https://crbug.com/1188889",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4906",
          "name" : "DSA-4906",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.72",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.6,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T17:15Z",
    "lastModifiedDate" : "2021-05-03T19:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21201",
        "ASSIGNER" : "chrome-cve-admin@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://crbug.com/1025683",
          "name" : "https://crbug.com/1025683",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Vendor Advisory" ]
        }, {
          "url" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "name" : "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4906",
          "name" : "DSA-4906",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-08",
          "name" : "GLSA-202104-08",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "90.0.4430.72",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.6,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T17:15Z",
    "lastModifiedDate" : "2021-05-03T19:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27851",
        "ASSIGNER" : "cert@cert.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/",
          "name" : "https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://bugs.gnu.org/47229",
          "name" : "https://bugs.gnu.org/47229",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Mailing List", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:guix:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "0.11.0",
          "versionEndExcluding" : "1.2.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T16:15Z",
    "lastModifiedDate" : "2021-05-07T18:28Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23382",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956",
          "name" : "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
          "name" : "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:postcss:postcss:*:*:*:*:*:node.js:*:*",
          "versionEndExcluding" : "8.2.13",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T16:15Z",
    "lastModifiedDate" : "2021-05-04T14:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3494",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-319"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1948005",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1948005",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.5.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T15:15Z",
    "lastModifiedDate" : "2021-05-04T14:14Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28399",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-28399%5DOrangeHRM%204.7.md",
          "name" : "https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-28399%5DOrangeHRM%204.7.md",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Third Party Advisory" ]
        }, {
          "url" : "https://www.orangehrm.com/",
          "name" : "https://www.orangehrm.com/",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:orangehrm:orangehrm:4.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T14:15Z",
    "lastModifiedDate" : "2021-05-05T21:20Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25839",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-521"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-25839%5DMintHCM%203.0.8.md",
          "name" : "https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-25839%5DMintHCM%203.0.8.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://minthcm.org/",
          "name" : "https://minthcm.org/",
          "refsource" : "MISC",
          "tags" : [ "Product" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:minthcm:minthcm:3.0.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T14:15Z",
    "lastModifiedDate" : "2021-05-06T21:17Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31802",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/",
          "name" : "https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.netgear.com/about/security/",
          "name" : "https://www.netgear.com/about/security/",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \\n before the Content-Length header."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.0.11.116",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 8.3
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 6.5,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T13:15Z",
    "lastModifiedDate" : "2021-05-06T20:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26797",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-521"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://le0nc.blogspot.com/2021/04/cve-2021-26797-access-control.html",
          "name" : "https://le0nc.blogspot.com/2021/04/cve-2021-26797-access-control.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:hametech:hame_sd1_wi-fi_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "20140224154640",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:hametech:hame_sd1_wi-fi:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T12:15Z",
    "lastModifiedDate" : "2021-05-06T13:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25927",
        "ASSIGNER" : "vulnerabilitylab@whitesourcesoftware.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/jessie-codes/safe-flat/commit/4b9b7db976bba8c968354f4315f5f9c219b7cbf3",
          "name" : "https://github.com/jessie-codes/safe-flat/commit/4b9b7db976bba8c968354f4315f5f9c219b7cbf3",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25927",
          "name" : "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25927",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:safe-flat_project:safe-flat:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.0.0",
          "versionEndExcluding" : "2.0.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T11:15Z",
    "lastModifiedDate" : "2021-05-06T13:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31803",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://docs.cpanel.net/changelogs/94-change-log/",
          "name" : "https://docs.cpanel.net/changelogs/94-change-log/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "94.0.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T08:15Z",
    "lastModifiedDate" : "2021-05-06T20:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20712",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/en/jp/JVN29739718/index.html",
          "name" : "https://jvn.jp/en/jp/JVN29739718/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
          "name" : "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
          "refsource" : "MISC",
          "tags" : [ "Mitigation", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.5.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.1.2",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-05T21:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20709",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-354"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/en/jp/JVN29739718/index.html",
          "name" : "https://jvn.jp/en/jp/JVN29739718/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
          "name" : "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
          "refsource" : "MISC",
          "tags" : [ "Mitigation", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.2",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.5.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-05T20:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20708",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/en/jp/JVN29739718/index.html",
          "name" : "https://jvn.jp/en/jp/JVN29739718/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
          "name" : "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
          "refsource" : "MISC",
          "tags" : [ "Mitigation", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.2",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.5.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-05T19:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20697",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-306"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "name" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "name" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:dlink:dap-1880ac_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.21",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:dlink:dap-1880ac:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-03T19:31Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20696",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "name" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "name" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:dlink:dap-1880ac_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.21",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:dlink:dap-1880ac:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-03T19:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20695",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "name" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "name" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:dlink:dap-1880ac_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.21",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:dlink:dap-1880ac:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-03T19:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20694",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "name" : "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "name" : "https://jvn.jp/en/vu/JVNVU92898656/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:dlink:dap-1880ac_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.21",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:dlink:dap-1880ac:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-03T19:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20693",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/en/jp/JVN54025691/index.html",
          "name" : "https://jvn.jp/en/jp/JVN54025691/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gurunavi:gurunavi:*:*:*:*:*:android:*:*",
          "versionEndIncluding" : "10.0.10",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gurunavi:gurunavi:*:*:*:*:*:iphone_os:*:*",
          "versionEndIncluding" : "11.1.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-05T19:08Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20680",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jpn.nec.com/security-info/secinfo/nv21-008.html",
          "name" : "https://jpn.nec.com/security-info/secinfo/nv21-008.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://jvn.jp/en/jp/JVN67456944/index.html",
          "name" : "https://jvn.jp/en/jp/JVN67456944/index.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.5.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.5.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.1.2",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.5.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.5.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_w1200ex_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_w1200ex:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.3.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200hs_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200hs:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wg1200hp_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wg1200hp:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wf800hp_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wf800hp:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wf300hp2_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wf300hp2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_wr8165n_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_wr8165n:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_w500p_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_w500p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:nec:aterm_w300p_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:nec:aterm_w300p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-26T01:15Z",
    "lastModifiedDate" : "2021-05-05T21:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31726",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://pastebin.com/yv4ajFjD",
          "name" : "https://pastebin.com/yv4ajFjD",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.akuvox.com/ProductsDisp.aspx?pid=21",
          "name" : "https://www.akuvox.com/ProductsDisp.aspx?pid=21",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:akuvox:c315_firmware:115.116.2613:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:akuvox:c315:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-25T19:15Z",
    "lastModifiedDate" : "2021-05-06T20:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31718",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-346"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://framagit.org/medoc92/npupnp",
          "name" : "https://framagit.org/medoc92/npupnp",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/25/2",
          "name" : "http://www.openwall.com/lists/oss-security/2021/04/25/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html",
          "name" : "https://www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:npupnp_project:npupnp:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.1.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-25T19:15Z",
    "lastModifiedDate" : "2021-05-05T20:11Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30502",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vuln.ryotak.me/advisories/38",
          "name" : "https://vuln.ryotak.me/advisories/38",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/dramforever/vscode-ghc-simple/releases",
          "name" : "https://github.com/dramforever/vscode-ghc-simple/releases",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/dramforever/vscode-ghc-simple/commit/bc7f6f0b857dade46ea51496d8bd1a4edef39b46",
          "name" : "https://github.com/dramforever/vscode-ghc-simple/commit/bc7f6f0b857dade46ea51496d8bd1a4edef39b46",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/dramforever/vscode-ghc-simple/blob/master/CHANGELOG.md#v023",
          "name" : "https://github.com/dramforever/vscode-ghc-simple/blob/master/CHANGELOG.md#v023",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:simple_glasgow_haskell_compiler_project:simple_glasgow_haskell_compiler:*:*:*:*:*:visual_studio_code:*:*",
          "versionEndExcluding" : "0.2.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-25T03:15Z",
    "lastModifiedDate" : "2021-05-07T16:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31795",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://mcyoloswagham.github.io/linux/",
          "name" : "https://mcyoloswagham.github.io/linux/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pvrsrvkm.ko_project:pvrsrvkm.ko:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "2021-04-24",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.0,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.0,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 6.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.4,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-24T18:15Z",
    "lastModifiedDate" : "2021-05-06T18:45Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31791",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-312"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.sentrysoftware.com/library/releaseNotes/index.html?hardwaresentrykmforpatrol10_0_01releasenotes.htm",
          "name" : "https://www.sentrysoftware.com/library/releaseNotes/index.html?hardwaresentrykmforpatrol10_0_01releasenotes.htm",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sentrysoftware:hardware_sentry_km_for_bmc_patrol:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.0.01:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T22:15Z",
    "lastModifiedDate" : "2021-05-07T14:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29158",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base",
          "name" : "https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.sonatype.com/hc/en-us/articles/1500006126462",
          "name" : "https://support.sonatype.com/hc/en-us/articles/1500006126462",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sonatype:nexus_repository_manager_3:*:*:*:*:pro:*:*:*",
          "versionEndIncluding" : "3.30.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T21:15Z",
    "lastModifiedDate" : "2021-05-05T20:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25899",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/",
          "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765",
          "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:void:aural_rec_monitor:9.0.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T21:15Z",
    "lastModifiedDate" : "2021-05-06T16:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25898",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          }, {
            "lang" : "en",
            "value" : "CWE-312"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/",
          "name" : "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765",
          "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:void:aural_rec_monitor:9.0.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T21:15Z",
    "lastModifiedDate" : "2021-05-06T16:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31780",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-212"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478",
          "name" : "https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:misp:misp:2.4.141:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T20:15Z",
    "lastModifiedDate" : "2021-05-05T20:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29470",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj",
          "name" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/pull/1581",
          "name" : "https://github.com/Exiv2/exiv2/pull/1581",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/",
          "name" : "FEDORA-2021-10d7331a31",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM/",
          "name" : "FEDORA-2021-2d860da728",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBKWLTXM7IKZ4PVGKLUQVAVFAYGGF7QR/",
          "name" : "FEDORA-2021-96a5dabcfa",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "0.27.3",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-23T19:15Z",
    "lastModifiedDate" : "2021-05-10T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20089",
        "ASSIGNER" : "vulnreport@tenable.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/purl.md",
          "name" : "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/purl.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:purl_project:purl:2.3.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T19:15Z",
    "lastModifiedDate" : "2021-05-04T13:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20086",
        "ASSIGNER" : "vulnreport@tenable.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-bbq.md",
          "name" : "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-bbq.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:jquery-bbq_project:jquery-bbq:1.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T19:15Z",
    "lastModifiedDate" : "2021-05-04T13:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29469",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1",
          "name" : "https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e",
          "name" : "https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3",
          "name" : "https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redis.js:redis:*:*:*:*:*:node.js:*:*",
          "versionEndExcluding" : "3.1.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T18:15Z",
    "lastModifiedDate" : "2021-05-03T19:36Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22204",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-74"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800",
          "name" : "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://hackerone.com/reports/1154542",
          "name" : "https://hackerone.com/reports/1154542",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Third Party Advisory" ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4910",
          "name" : "DSA-4910",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/",
          "name" : "FEDORA-2021-e3d8833d36",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/",
          "name" : "FEDORA-2021-de850ed71e",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/",
          "name" : "FEDORA-2021-88d24aa32b",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/09/1",
          "name" : "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiftool_project:exiftool:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.44",
          "versionEndExcluding" : "12.24",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-23T18:15Z",
    "lastModifiedDate" : "2021-05-09T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31539",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-312"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.gruppotim.it/redteam",
          "name" : "https://www.gruppotim.it/redteam",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.wowza.com/products/streaming-engine",
          "name" : "https://www.wowza.com/products/streaming-engine",
          "refsource" : "MISC",
          "tags" : [ "Product", "Vendor Advisory" ]
        }, {
          "url" : "https://www.wowza.com/docs/wowza-streaming-engine-4-8-8-01-release-notes#breaking",
          "name" : "https://www.wowza.com/docs/wowza-streaming-engine-4-8-8-01-release-notes#breaking",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "4.8.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T17:15Z",
    "lastModifiedDate" : "2021-05-05T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31410",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-668"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2021-31410",
          "name" : "https://vaadin.com/security/cve-2021-31410",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:designer:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.3.0",
          "versionEndExcluding" : "4.6.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T17:15Z",
    "lastModifiedDate" : "2021-05-04T15:25Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31408",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-613"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/vaadin/flow/pull/10577",
          "name" : "https://github.com/vaadin/flow/pull/10577",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://vaadin.com/security/cve-2021-31408",
          "name" : "https://vaadin.com/security/cve-2021-31408",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.0.0",
          "versionEndExcluding" : "6.0.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.0.0",
          "versionEndExcluding" : "6.0.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:18.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "19.0.0",
          "versionEndExcluding" : "19.0.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.4,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-23T17:15Z",
    "lastModifiedDate" : "2021-05-04T16:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31407",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-668"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/vaadin/flow/pull/10269",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://vaadin.com/security/cve-2021-31407",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/flow/pull/10229",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/osgi/issues/50",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.2.0",
          "versionEndExcluding" : "2.4.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.0.0",
          "versionEndExcluding" : "6.0.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.0.0",
          "versionEndExcluding" : "14.4.10",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:19.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T17:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31405",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2021-31405",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/flow-components/pull/442",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.0.4",
          "versionEndExcluding" : "2.3.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "4.0.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "14.0.6",
          "versionEndExcluding" : "14.4.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "15.0.0",
          "versionEndExcluding" : "17.0.11",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T17:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26909",
        "ASSIGNER" : "cve@rapid7.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955",
          "name" : "https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/",
          "name" : "https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:automox:automox:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "31",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T19:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26908",
        "ASSIGNER" : "cve@rapid7.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-532"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955",
          "name" : "https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/",
          "name" : "https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:automox:automox:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "31",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T19:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36321",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2020-36321",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/flow/pull/9392",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.0.0",
          "versionEndExcluding" : "2.4.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "5.0.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "14.0.0",
          "versionEndExcluding" : "14.4.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "15.0.0",
          "versionEndExcluding" : "18.0.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T17:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36320",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2020-36320",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/framework/issues/7757",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/framework/pull/12104",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.0.0",
          "versionEndExcluding" : "7.7.22",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36319",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/vaadin/flow/pull/8051",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/flow/pull/8016",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://vaadin.com/security/cve-2020-36319",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "3.0.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "15.0.0",
          "versionEndExcluding" : "15.0.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T17:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25028",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2019-25028",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/framework/pull/11645",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/framework/pull/11644",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.4.0",
          "versionEndExcluding" : "7.7.20",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndExcluding" : "8.8.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:09Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25027",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2019-25027",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/flow/pull/5498",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.0.0",
          "versionEndExcluding" : "1.0.11",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.1.0",
          "versionEndExcluding" : "1.4.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.0.0",
          "versionEndExcluding" : "10.0.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0.0",
          "versionEndExcluding" : "13.0.6",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-25007",
        "ASSIGNER" : "security@vaadin.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-754"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://vaadin.com/security/cve-2018-25007",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/vaadin/flow/pull/4774",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:flow:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.0.0",
          "versionEndExcluding" : "1.0.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.0.0",
          "versionEndExcluding" : "10.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0.0",
          "versionEndExcluding" : "11.0.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T16:15Z",
    "lastModifiedDate" : "2021-05-05T18:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26291",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-346"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c@%3Cdev.maven.apache.org%3E",
          "name" : "[maven-dev] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00@%3Cusers.maven.apache.org%3E",
          "name" : "[maven-users] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/23/5",
          "name" : "[oss-security] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457@%3Cdev.jena.apache.org%3E",
          "name" : "[jena-dev] 20210428 FYI: Maven CVE-2021-26291",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381@%3Cdev.jena.apache.org%3E",
          "name" : "[jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E",
          "name" : "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:maven:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.8.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 9.1,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T15:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25382",
        "ASSIGNER" : "mobile.security@samsung.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://security.samsungmobile.com/securityUpdate.smsb?year=2020&month=10",
          "name" : "https://security.samsungmobile.com/securityUpdate.smsb?year=2020&month=10",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "PHYSICAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.3,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T15:15Z",
    "lastModifiedDate" : "2021-05-03T14:51Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31607",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/",
          "name" : "https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM/",
          "name" : "FEDORA-2021-5aaebdae8e",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2016.9",
          "versionEndIncluding" : "3002.6",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-23T06:15Z",
    "lastModifiedDate" : "2021-05-04T20:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2250",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-484/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-484/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.1.20",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2202",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndIncluding" : "5.7.32",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.22",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2194",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndIncluding" : "5.7.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.23",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2180",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndIncluding" : "5.7.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.23",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2179",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndIncluding" : "5.7.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.23",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2178",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndIncluding" : "5.7.32",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.22",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2174",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndIncluding" : "5.7.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.23",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 4.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.7,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T14:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2163",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html",
          "name" : "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/",
          "name" : "FEDORA-2021-6eb9bbbf0c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/",
          "name" : "FEDORA-2021-65aa196c14",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/",
          "name" : "FEDORA-2021-25b47f16af",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4899",
          "name" : "DSA-4899",
          "refsource" : "DEBIAN",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/",
          "name" : "FEDORA-2021-8b80ef64f1",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/",
          "name" : "FEDORA-2021-f71b592e07",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/",
          "name" : "FEDORA-2021-b88e86b753",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:1.7.0:update_291:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:1.8.0:update_281:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:11.0.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:16.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jre:1.8.0:update_281:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 4.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T09:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2161",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html",
          "name" : "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4899",
          "name" : "DSA-4899",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/",
          "name" : "FEDORA-2021-6eb9bbbf0c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/",
          "name" : "FEDORA-2021-65aa196c14",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/",
          "name" : "FEDORA-2021-25b47f16af",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/",
          "name" : "FEDORA-2021-8b80ef64f1",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/",
          "name" : "FEDORA-2021-f71b592e07",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/",
          "name" : "FEDORA-2021-b88e86b753",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:1.7.0:update_291:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:1.8.0:update_281:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:11.0.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdk:16.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jre:1.8.0:update_281:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-04T09:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-2053",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://blog.stmcyber.com/vulns/cve-2021-2053/",
          "name" : "https://blog.stmcyber.com/vulns/cve-2021-2053/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-22T22:15Z",
    "lastModifiedDate" : "2021-05-03T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0273",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-670"
          }, {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11164",
          "name" : "https://kb.juniper.net/JSA11164",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.2:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:acx5800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T20:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0272",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-401"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11163",
          "name" : "https://kb.juniper.net/JSA11163",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://kb.juniper.net/KB32854",
          "name" : "https://kb.juniper.net/KB32854",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c \"show heap 0\" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c \"show heap 0\" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx10002-32q:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx10002-60c:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx10002-72q:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 6.1
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 6.5,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T20:28Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0269",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11160",
          "name" : "https://kb.juniper.net/JSA11160",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s11:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.1
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 4.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T20:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0265",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-78"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11156",
          "name" : "https://kb.juniper.net/JSA11156",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:juniper:appformix:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "3.1.22",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:juniper:appformix:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.2.0",
          "versionEndExcluding" : "3.2.14",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T20:38Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0263",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11154",
          "name" : "https://kb.juniper.net/JSA11154",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html",
          "name" : "https://www.juniper.net/documentation/en_US/junos/topics/example/flowmonitoring-active-sampling-instance-example.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsible for handling sampling-related operations when a J-Flow configuration is activated. This can occur during periods of heavy route churn, causing the Multi-Service Process to stop processing updates, without consuming any further updates from kernel. This back pressure towards the kernel affects further dynamic updates from other processes in the system, including RPD, causing a KRT-STUCK condition and traffic forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007 <--- this value keep on increasing. The following logs/alarms will be observed when this condition exists: user@junos> show chassis alarms 2 alarms currently active Alarm time Class Description 2020-10-11 04:33:45 PDT Minor Potential slow peers are: MSP(FPC1-PIC0) MSP(FPC3-PIC0) MSP(FPC4-PIC0) Logs: Oct 11 04:33:44.672 2020 test /kernel: rts_peer_cp_recv_timeout : Bit set for msp8 as it is stuck Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: Error in parsing composite nexthop Oct 11 04:35:56.000 2020 test-lab fpc4 user.err gldfpc-multi-svcs.elf: composite nexthop parsing error Oct 11 04:43:05 2020 test /kernel: rt_pfe_veto: Possible slowest client is msp38. States processed - 65865741. States to be processed - 0 Oct 11 04:55:55 2020 test /kernel: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (8311787520) Current delayed unref = (60000), Current unique delayed unref = (10896), Max delayed unref on this platform = (40000) Current delayed weight unref = (71426) Max delayed weight unref on this platform= (400000) curproc = rpd Oct 11 04:56:00 2020 test /kernel: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 This issue only affects PTX Series devices. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on PTX Series: 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx1000:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx10001-36mr:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx10002:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx3000:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ptx5000:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T20:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0262",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11153",
          "name" : "https://kb.juniper.net/JSA11153",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other product or platform is vulnerable to this issue. This issue affects Juniper Networks Junos OS on QFX10002-60C: 19.1 version 19.1R3-S1 and later versions; 19.1 versions prior to 19.1R3-S3; 19.2 version 19.2R2 and later versions; 19.2 versions prior to 19.2R3-S1; 20.2 versions prior to 20.2R1-S2. This issue does not affect Juniper Networks Junos OS: versions prior to 19.1R3; 19.2 versions prior to 19.2R2; any version of 19.3; version 20.2R2 and later releases."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.5,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T21:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0261",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11152",
          "name" : "https://kb.juniper.net/JSA11152",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s13:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s14:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s15:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s16:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3:r12-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d100:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d55:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d60:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d65:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d70:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d75:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d80:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d85:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d90:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:12.3x48:d95:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d170:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d180:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d190:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d200:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d210:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d25:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x49:d90:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f5-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r7-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:-:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T21:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0259",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-755"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11150",
          "name" : "https://kb.juniper.net/JSA11150",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s12:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:18.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:20.1:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:20.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:20.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.4,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.5,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T21:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0257",
        "ASSIGNER" : "sirt@juniper.net"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://kb.juniper.net/JSA11148",
          "name" : "https://kb.juniper.net/JSA11148",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r3-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.2:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.3:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.5,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T20:15Z",
    "lastModifiedDate" : "2021-05-04T22:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20590",
        "ASSIGNER" : "vultures@jpcert.or.jp"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jvn.jp/vu/JVNVU97615777/index.html",
          "name" : "https://jvn.jp/vu/JVNVU97615777/index.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
          "name" : "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper authentication vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT21 model GT2107-WTBD all versions ,GOT2000 series GT21 model GT2107-WTSD all versions, GOT SIMPLE series GS21 model GS2110-WTBD-N all versions and GOT SIMPLE series GS21 model GS2107-WTBD-N all versions allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T19:15Z",
    "lastModifiedDate" : "2021-05-04T15:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31572",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/d05b9c123f2bf9090bce386a244fc934ae44db5b",
          "name" : "https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/d05b9c123f2bf9090bce386a244fc934ae44db5b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:amazon:freertos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.4.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T18:15Z",
    "lastModifiedDate" : "2021-05-03T22:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-31571",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/47338393f1f79558f6144213409f09f81d7c4837",
          "name" : "https://github.com/FreeRTOS/FreeRTOS-Kernel/commit/47338393f1f79558f6144213409f09f81d7c4837",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:amazon:freertos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.4.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T18:15Z",
    "lastModifiedDate" : "2021-05-03T22:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28168",
        "ASSIGNER" : "security@eclipse.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv",
          "name" : "https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/eclipse-ee4j/jersey/pull/4712",
          "name" : "https://github.com/eclipse-ee4j/jersey/pull/4712",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd54b42edccc1b993853a9c4943a9b16db763f5e2febf6e64b7d0fe3c@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210429 [GitHub] [kafka] xjin-Confluent opened a new pull request #10614: MINOR: Upgrade jersey to 2.34",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc6221670de35b819fe191e7d8f2d17bc000549bd554020cec644b71e@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210505 [jira] [Created] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra3d7cd37fc794981a885332af2f8df0d873753380ea19935d6d847fc@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210505 [jira] [Created] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc288874c330b3af9e29a1a114c5e0d24fff7a79eaa341f551535c8c0@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210505 [GitHub] [kafka] shayelkin opened a new pull request #10636: MINOR: Bump Jersey deps to 2.34 due to CVE-2021-28168",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r42fef440487a04cf5e487a9707ef5119d2dd5b809919f25ef4296fc4@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [jira] [Commented] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4066176a7352e021d7a81af460044bde8d57f40e98f8e4a31923af3a@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [jira] [Assigned] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rafc3c4cee534f478cbf8acf91e48373e291a21151f030e8132662a7b@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6dadc8fe82071aba841d673ffadf34728bff4357796b1990a66e3af1@%3Ccommits.kafka.apache.org%3E",
          "name" : "[kafka-commits] 20210506 [kafka] branch 2.7 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r454f38e85db149869c5a92c993c402260a4f8599bf283f6cfaada972@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [GitHub] [kafka] omkreddy commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r305fb82e5c005143c1e2ec986a19c0a44f42189ab2580344dc955359@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r280438f7cb4b3b1c9dfda9d7b05fa2a5cfab68618c6afee8169ecdaa@%3Ccommits.kafka.apache.org%3E",
          "name" : "[kafka-commits] 20210506 [kafka] branch 2.8 updated: KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdff6939e6c8dd620e20b013d9a35f57d42b3cd19e1d0483d85dfa2fd@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [jira] [Resolved] (KAFKA-12752) CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r96658b899fcdbf04947257d201dc5a0abdbb5fb0a8f4ec0a6c15e70f@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [GitHub] [kafka] omkreddy merged pull request #10636: MINOR: Bump Jersey deps to 2.34 due to CVE-2021-28168",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra2722171d569370a9e15147d9f3f6138ad9a188ee879c0156aa2d73a@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr closed pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra3290fe51b4546fac195724c4187c4cb7fc5809bc596c2f7e97606f4@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210507 [GitHub] [kafka] dongjinleekr commented on pull request #10641: KAFKA-12752: CVE-2021-28168 upgrade jersey to 2.34 or 3.02",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jersey:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.28",
          "versionEndExcluding" : "2.34",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jersey:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "3.0.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T18:15Z",
    "lastModifiedDate" : "2021-05-07T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23133",
        "ASSIGNER" : "psirt@paloaltonetworks.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-362"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2021/04/18/2",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/",
          "name" : "FEDORA-2021-8cd093f639",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/",
          "name" : "FEDORA-2021-e6b4847979",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/",
          "name" : "FEDORA-2021-a963f04012",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/10/1",
          "name" : "[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/10/2",
          "name" : "[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/10/3",
          "name" : "[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/10/4",
          "name" : "[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "5.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.0,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.0,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 6.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.4,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-22T18:15Z",
    "lastModifiedDate" : "2021-05-10T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1078",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "390",
          "versionEndExcluding" : "392.65",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "418",
          "versionEndExcluding" : "427.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "450",
          "versionEndExcluding" : "452.96",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "460",
          "versionEndExcluding" : "462.31",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "465",
          "versionEndExcluding" : "466.11",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 4.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-21T23:15Z",
    "lastModifiedDate" : "2021-05-03T14:51Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1077",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-404"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "450",
          "versionEndExcluding" : "450.119.03",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "450",
          "versionEndExcluding" : "452.96",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "460",
          "versionEndExcluding" : "460.73.01",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "460",
          "versionEndExcluding" : "462.31",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-21T23:15Z",
    "lastModifiedDate" : "2021-05-03T14:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1076",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "390",
          "versionEndExcluding" : "390.143",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "418",
          "versionEndExcluding" : "418.197.02",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "418",
          "versionEndExcluding" : "427.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "450",
          "versionEndExcluding" : "450.119.03",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "450",
          "versionEndExcluding" : "452.96",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "460",
          "versionEndExcluding" : "460.73.01",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "460",
          "versionEndExcluding" : "462.31",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
          "versionStartIncluding" : "465",
          "versionEndExcluding" : "465.24.02",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "465",
          "versionEndExcluding" : "466.11",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-21T23:15Z",
    "lastModifiedDate" : "2021-05-03T14:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1075",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "418",
          "versionEndExcluding" : "427.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "450",
          "versionEndExcluding" : "452.96",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "460",
          "versionEndExcluding" : "462.31",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "465",
          "versionEndExcluding" : "466.11",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-21T23:15Z",
    "lastModifiedDate" : "2021-05-03T15:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1074",
        "ASSIGNER" : "psirt@nvidia.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or information disclosure."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
          "versionStartIncluding" : "390",
          "versionEndExcluding" : "392.65",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-21T23:15Z",
    "lastModifiedDate" : "2021-05-03T15:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-23922",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://sourceforge.net/p/giflib/bugs/151/",
          "name" : "https://sourceforge.net/p/giflib/bugs/151/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:giflib_project:giflib:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "5.1.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-21T18:15Z",
    "lastModifiedDate" : "2021-05-05T19:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28492",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Home.aspx",
          "name" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Home.aspx",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=63",
          "name" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=63",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:unisys:stealth:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.0",
          "versionEndExcluding" : "5.0.048.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:unisys:stealth:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.1.0",
          "versionEndExcluding" : "5.1.017.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:unisys:stealth:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.0",
          "versionEndExcluding" : "6.0.037.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-20T16:15Z",
    "lastModifiedDate" : "2021-05-04T15:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3506",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html",
          "name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2021/03/28/2",
          "name" : "https://www.openwall.com/lists/oss-security/2021/03/28/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1944298",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1944298",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/08/1",
          "name" : "[oss-security] 20210508 Re: Linux kernel: f2fs: out-of-bounds memory access bug",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "5.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 5.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 7.8,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-19T22:15Z",
    "lastModifiedDate" : "2021-05-08T09:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3505",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-331"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1950046",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1950046",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/stefanberger/libtpms/issues/183",
          "name" : "https://github.com/stefanberger/libtpms/issues/183",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/",
          "name" : "FEDORA-2021-cfdc434610",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:libtpms_project:libtpms:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.8.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-19T21:15Z",
    "lastModifiedDate" : "2021-05-05T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29458",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Exiv2/exiv2/pull/1536",
          "name" : "https://github.com/Exiv2/exiv2/pull/1536",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5",
          "name" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/issues/1530",
          "name" : "https://github.com/Exiv2/exiv2/issues/1530",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/",
          "name" : "FEDORA-2021-10d7331a31",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.27.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-19T19:15Z",
    "lastModifiedDate" : "2021-05-04T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29457",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Exiv2/exiv2/issues/1529",
          "name" : "https://github.com/Exiv2/exiv2/issues/1529",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/pull/1534",
          "name" : "https://github.com/Exiv2/exiv2/pull/1534",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm",
          "name" : "https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/",
          "name" : "FEDORA-2021-10d7331a31",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.27.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-19T19:15Z",
    "lastModifiedDate" : "2021-05-04T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3493",
        "ASSIGNER" : "security@ubuntu.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2021/04/16/1",
          "name" : "https://www.openwall.com/lists/oss-security/2021/04/16/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52",
          "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://ubuntu.com/security/notices/USN-4917-1",
          "name" : "https://ubuntu.com/security/notices/USN-4917-1",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html",
          "name" : "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*",
          "versionEndExcluding" : "18.04",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*",
          "versionStartIncluding" : "18.04.1",
          "versionEndExcluding" : "20.04",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:-:*:*:*",
          "versionEndExcluding" : "20.10",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-17T05:15Z",
    "lastModifiedDate" : "2021-05-03T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28055",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/centreon/centreon/pull/9612",
          "name" : "https://github.com/centreon/centreon/pull/9612",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:centreon:centreon:20.10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-15T19:15Z",
    "lastModifiedDate" : "2021-05-05T18:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20288",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1938031",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1938031",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/362CEPPYF3YMJZBEJQUT3KDE2EHYYIYQ/",
          "name" : "FEDORA-2021-e29c1ee892",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BPIAYTRCWAU4XWCDBK2THEFVXSC4XGK/",
          "name" : "FEDORA-2021-e65b9fb52e",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.2.20",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-15T15:15Z",
    "lastModifiedDate" : "2021-05-04T19:21Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3487",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          }, {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "name" : "FEDORA-2021-d23d016509",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/",
          "name" : "FEDORA-2021-9bd201dd4d",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "name" : "FEDORA-2021-7ca24ddc86",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.36",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.1
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-15T14:15Z",
    "lastModifiedDate" : "2021-05-04T12:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28242",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/b2evolution/b2evolution/issues/109",
          "name" : "https://github.com/b2evolution/b2evolution/issues/109",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644",
          "name" : "https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162489/b2evolution-7-2-2-SQL-Injection.html",
          "name" : "http://packetstormsecurity.com/files/162489/b2evolution-7-2-2-SQL-Injection.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "SQL Injection in the \"evoadm.php\" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the \"cf_name\" parameter when creating a new filter under the \"Collections\" tab."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:b2evolution:b2evolution:7.2.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-15T14:15Z",
    "lastModifiedDate" : "2021-05-06T17:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25314",
        "ASSIGNER" : "security@suse.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-378"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1182166",
          "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1182166",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:suse:hawk2:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.6.3\\+git.1614685906.812c31e9-2.42.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:suse:hawk2:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.6.3\\+git.1614684118.af555ad9",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp2:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:suse:hawk2:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.6.3\\+git.1614685906.812c31e9",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:12:sp5:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-14T15:15Z",
    "lastModifiedDate" : "2021-05-10T14:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29427",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-829"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
          "name" : "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395",
          "name" : "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.1",
          "versionEndExcluding" : "7.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 6.8,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-13T20:15Z",
    "lastModifiedDate" : "2021-05-05T18:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-0430",
        "ASSIGNER" : "security@android.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://source.android.com/security/bulletin/2021-04-01",
          "name" : "https://source.android.com/security/bulletin/2021-04-01",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162380/Android-NFC-Stack-Out-Of-Bounds-Write.html",
          "name" : "http://packetstormsecurity.com/files/162380/Android-NFC-Stack-Out-Of-Bounds-Write.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-13T19:15Z",
    "lastModifiedDate" : "2021-05-04T19:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29997",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support2.windriver.com/index.php?page=security-notices",
          "name" : "https://support2.windriver.com/index.php?page=security-notices",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-29997",
          "name" : "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-29997",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "21.03",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.1,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-13T17:15Z",
    "lastModifiedDate" : "2021-05-05T15:13Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29425",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-22"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://issues.apache.org/jira/browse/IO-556",
          "name" : "https://issues.apache.org/jira/browse/IO-556",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330@%3Cdev.commons.apache.org%3E",
          "name" : "[commons-dev] 20210414 Re: [all] OSS Fuzz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31@%3Cdev.commons.apache.org%3E",
          "name" : "[commons-dev] 20210415 Re: [all] OSS Fuzz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5@%3Cdev.creadur.apache.org%3E",
          "name" : "[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375@%3Cdev.creadur.apache.org%3E",
          "name" : "[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401@%3Cdev.creadur.apache.org%3E",
          "name" : "[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c@%3Cdev.creadur.apache.org%3E",
          "name" : "[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34@%3Cdev.myfaces.apache.org%3E",
          "name" : "[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-13T07:15Z",
    "lastModifiedDate" : "2021-05-04T13:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28938",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://docs.siren.io/siren-federate-user-guide/22/siren-federate/release-notes.html",
          "name" : "https://docs.siren.io/siren-federate-user-guide/22/siren-federate/release-notes.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query's privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
          "versionEndExcluding" : "6.8.14-10.3.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
          "versionStartIncluding" : "7.3.2-19.0",
          "versionEndExcluding" : "7.6.2-20.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
          "versionStartIncluding" : "7.7.1-20.0",
          "versionEndExcluding" : "7.9.3-21.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
          "versionStartIncluding" : "7.10.1-22.0",
          "versionEndExcluding" : "7.10.2-22.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-13T06:15Z",
    "lastModifiedDate" : "2021-05-04T16:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24231",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500",
          "name" : "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
          "name" : "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:*",
          "versionEndExcluding" : "1.7.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-12T14:15Z",
    "lastModifiedDate" : "2021-05-04T15:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24230",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531",
          "name" : "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
          "name" : "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:*",
          "versionEndExcluding" : "1.7.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-12T14:15Z",
    "lastModifiedDate" : "2021-05-04T15:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21431",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          }, {
            "lang" : "en",
            "value" : "CWE-284"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-23c7-6444-399m",
          "name" : "https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-23c7-6444-399m",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://pypi.org/project/sopel-plugins.channelmgnt/",
          "name" : "https://pypi.org/project/sopel-plugins.channelmgnt/",
          "refsource" : "MISC",
          "tags" : [ "Product", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/MirahezeBots/sopel-channelmgnt/commit/7c96d400358221e59135f0a0be0744f3fad73856",
          "name" : "https://github.com/MirahezeBots/sopel-channelmgnt/commit/7c96d400358221e59135f0a0be0744f3fad73856",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mirahezebots:channelmgnt:*:*:*:*:*:sopel:*:*",
          "versionEndExcluding" : "2.0.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.7,
        "impactScore" : 5.8
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-09T16:15Z",
    "lastModifiedDate" : "2021-05-04T13:59Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25328",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://s3curityb3ast.github.io/KSA-Dev-011.md",
          "name" : "https://s3curityb3ast.github.io/KSA-Dev-011.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/May/5",
          "name" : "20210504 KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device",
          "refsource" : "FULLDISC",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162450/Shenzhen-Skyworth-RN510-Buffer-Overflow.html",
          "name" : "http://packetstormsecurity.com/files/162450/Shenzhen-Skyworth-RN510-Buffer-Overflow.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on the device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:skyworthdigital:rn510_firmware:3.1.0.4:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:skyworthdigital:rn510:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-09T13:15Z",
    "lastModifiedDate" : "2021-05-04T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25327",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://s3curityb3ast.github.io/KSA-Dev-012.md",
          "name" : "https://s3curityb3ast.github.io/KSA-Dev-012.md",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/May/6",
          "name" : "20210504 KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender",
          "refsource" : "FULLDISC",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162454/Shenzhen-Skyworth-RN510-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162454/Shenzhen-Skyworth-RN510-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:skyworthdigital:rn510_firmware:3.1.0.4:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:skyworthdigital:rn510:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-09T13:15Z",
    "lastModifiedDate" : "2021-05-04T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25326",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://s3curityb3ast.github.io/KSA-Dev-013.md",
          "name" : "https://s3curityb3ast.github.io/KSA-Dev-013.md",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/May/8",
          "name" : "20210504 KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender",
          "refsource" : "FULLDISC",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162455/Shenzhen-Skyworth-RN510-Information-Disclosure.html",
          "name" : "http://packetstormsecurity.com/files/162455/Shenzhen-Skyworth-RN510-Information-Disclosure.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:skyworthdigital:rn510_firmware:3.1.0.4:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:skyworthdigital:rn510:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-09T13:15Z",
    "lastModifiedDate" : "2021-05-04T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30159",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T272386",
          "name" : "https://phabricator.wikimedia.org/T272386",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "refsource" : "MLIST",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain \"fast double move\" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-09T07:15Z",
    "lastModifiedDate" : "2021-05-06T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30156",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T276306",
          "name" : "https://phabricator.wikimedia.org/T276306",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a \"hidden\" user exists."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-09T07:15Z",
    "lastModifiedDate" : "2021-05-03T20:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30155",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-862"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T270988",
          "name" : "https://phabricator.wikimedia.org/T270988",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-09T07:15Z",
    "lastModifiedDate" : "2021-05-06T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30152",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T270713",
          "name" : "https://phabricator.wikimedia.org/T270713",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to \"protect\" a page, a user is currently able to protect to a higher level than they currently have permissions for."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.13",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-09T07:15Z",
    "lastModifiedDate" : "2021-05-06T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3482",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          }, {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1946314",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1946314",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/",
          "name" : "FEDORA-2021-10d7331a31",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "0.27.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:0.27.4:rc1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.5
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-08T23:15Z",
    "lastModifiedDate" : "2021-05-04T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3448",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-358"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939368",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939368",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V/",
          "name" : "FEDORA-2021-62a5062b2d",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7/",
          "name" : "FEDORA-2021-9433bedebd",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24/",
          "name" : "FEDORA-2021-5cd2571751",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.85",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-08T23:15Z",
    "lastModifiedDate" : "2021-05-04T19:14Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29154",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-77"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2021/04/08/1",
          "name" : "https://www.openwall.com/lists/oss-security/2021/04/08/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://news.ycombinator.com/item?id=26757760",
          "name" : "https://news.ycombinator.com/item?id=26757760",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/",
          "name" : "FEDORA-2021-e71c033f88",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html",
          "name" : "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "5.11.12",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-08T21:15Z",
    "lastModifiedDate" : "2021-05-03T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21425",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-284"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/",
          "name" : "https://pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj",
          "name" : "https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162457/GravCMS-1.10.7-Remote-Command-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162457/GravCMS-1.10.7-Remote-Command-Execution.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:getgrav:grav-plugin-admin:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.10.8",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-07T19:15Z",
    "lastModifiedDate" : "2021-05-05T14:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30184",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html",
          "name" : "https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html",
          "name" : "https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXOTMUSBVUZNA3JMPG6BU37DQW2YOJWS/",
          "name" : "FEDORA-2021-a58cb9bc7a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/",
          "name" : "FEDORA-2021-2c714d311f",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOGPLC77ZL2FACSOE5MWDS3YH3RBNQAQ/",
          "name" : "FEDORA-2021-ff3297913b",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:chess:6.2.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-07T12:15Z",
    "lastModifiedDate" : "2021-05-04T13:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36309",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/openresty/lua-nginx-module/compare/v0.10.15...v0.10.16",
          "name" : "https://github.com/openresty/lua-nginx-module/compare/v0.10.15...v0.10.16",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/openresty/lua-nginx-module/pull/1654",
          "name" : "https://github.com/openresty/lua-nginx-module/pull/1654",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://news.ycombinator.com/item?id=26712562",
          "name" : "https://news.ycombinator.com/item?id=26712562",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0005/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0005/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:openresty:lua-nginx-module:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.10.16",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-06T19:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30158",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T277009",
          "name" : "https://phabricator.wikimedia.org/T277009",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-06T07:15Z",
    "lastModifiedDate" : "2021-05-06T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30157",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T278058",
          "name" : "https://phabricator.wikimedia.org/T278058",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-06T07:15Z",
    "lastModifiedDate" : "2021-05-03T19:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-30154",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://phabricator.wikimedia.org/T278014",
          "name" : "https://phabricator.wikimedia.org/T278014",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/",
          "name" : "FEDORA-2021-f4223b6684",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/",
          "name" : "FEDORA-2021-d298103d3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.31.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.32.0",
          "versionEndExcluding" : "1.35.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-06T07:15Z",
    "lastModifiedDate" : "2021-05-03T20:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24209",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache",
          "name" : "https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt",
          "name" : "https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3",
          "name" : "https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:automattic:wp_super_cache:*:*:*:*:*:wordpress:*:*",
          "versionEndExcluding" : "1.7.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-05T19:15Z",
    "lastModifiedDate" : "2021-05-04T15:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-24207",
        "ASSIGNER" : "contact@wpscan.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://wpscan.com/vulnerability/21e7a46f-e9a3-4b20-b44a-a5b6ce7b7ce6",
          "name" : "https://wpscan.com/vulnerability/21e7a46f-e9a3-4b20-b44a-a5b6ce7b7ce6",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.themeum.com/wp-page-builder-updated-v1-2-4/",
          "name" : "https://www.themeum.com/wp-page-builder-updated-v1-2-4/",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:themeum:wp_page_builder:*:*:*:*:*:wordpress:*:*",
          "versionEndExcluding" : "1.2.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-05T19:15Z",
    "lastModifiedDate" : "2021-05-04T15:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1844",
        "ASSIGNER" : "product-security@apple.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.apple.com/en-us/HT212222",
          "name" : "https://support.apple.com/en-us/HT212222",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT212223",
          "name" : "https://support.apple.com/en-us/HT212223",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT212220",
          "name" : "https://support.apple.com/en-us/HT212220",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT212221",
          "name" : "https://support.apple.com/en-us/HT212221",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/",
          "name" : "FEDORA-2021-864dc37032",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212323",
          "name" : "https://support.apple.com/kb/HT212323",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/55",
          "name" : "20210427 APPLE-SA-2021-04-26-6 tvOS 14.5",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.0.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.4.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.4.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "11.2.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "7.3.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-02T19:15Z",
    "lastModifiedDate" : "2021-05-04T19:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1806",
        "ASSIGNER" : "product-security@apple.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-362"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.apple.com/en-us/HT212177",
          "name" : "https://support.apple.com/en-us/HT212177",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/54",
          "name" : "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.14",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndExcluding" : "11.2.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.0,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.0,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.6
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 4.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-02T19:15Z",
    "lastModifiedDate" : "2021-05-04T19:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1805",
        "ASSIGNER" : "product-security@apple.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.apple.com/en-us/HT212177",
          "name" : "https://support.apple.com/en-us/HT212177",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/54",
          "name" : "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.14",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndExcluding" : "11.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.3
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-02T19:15Z",
    "lastModifiedDate" : "2021-05-04T19:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1797",
        "ASSIGNER" : "product-security@apple.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.apple.com/en-us/HT212146",
          "name" : "https://support.apple.com/en-us/HT212146",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT212149",
          "name" : "https://support.apple.com/en-us/HT212149",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT212147",
          "name" : "https://support.apple.com/en-us/HT212147",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT212148",
          "name" : "https://support.apple.com/en-us/HT212148",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212326",
          "name" : "https://support.apple.com/kb/HT212326",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/51",
          "name" : "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0.1",
          "versionEndExcluding" : "11.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "14.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "7.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-02T19:15Z",
    "lastModifiedDate" : "2021-05-04T19:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-27897",
        "ASSIGNER" : "product-security@apple.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.apple.com/en-us/HT212011",
          "name" : "https://support.apple.com/en-us/HT212011",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://support.apple.com/en-us/HT211931",
          "name" : "https://support.apple.com/en-us/HT211931",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-486/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-486/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.14",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndExcluding" : "11.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-02T18:15Z",
    "lastModifiedDate" : "2021-05-04T13:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3447",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-532"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939349",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939349",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/",
          "name" : "FEDORA-2021-c1116fb75e",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/",
          "name" : "FEDORA-2021-4a17f0225d",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/",
          "name" : "FEDORA-2021-0414eb891b",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.2.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.8.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-01T18:15Z",
    "lastModifiedDate" : "2021-05-03T04:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20291",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-667"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939485",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939485",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/",
          "name" : "FEDORA-2021-ec00da7faa",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/",
          "name" : "FEDORA-2021-83b3740389",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/",
          "name" : "FEDORA-2021-a3703b9dc8",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/",
          "name" : "FEDORA-2021-c56a213327",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:storage_project:storage:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.28.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.1
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-04-01T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28165",
        "ASSIGNER" : "security@eclipse.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
          "name" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E",
          "name" : "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E",
          "name" : "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E",
          "name" : "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E",
          "name" : "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165 (#49)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to >= 9.4.39 due to CVE-2021-28165",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E",
          "name" : "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/04/20/3",
          "name" : "[oss-security] 20210420 Vulnerability in Jenkins",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.2.2",
          "versionEndExcluding" : "9.4.39",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.0.0",
          "versionEndExcluding" : "10.0.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0.0",
          "versionEndExcluding" : "11.0.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.8
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-01T15:15Z",
    "lastModifiedDate" : "2021-05-07T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28164",
        "ASSIGNER" : "security@eclipse.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
          "name" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
          "refsource" : "CONFIRM",
          "tags" : [ "Mitigation", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E",
          "name" : "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:9.4.37:20210219:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:9.4.38:20210224:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-01T15:15Z",
    "lastModifiedDate" : "2021-05-07T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28163",
        "ASSIGNER" : "security@eclipse.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-59"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
          "name" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E",
          "name" : "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E",
          "name" : "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/",
          "name" : "FEDORA-2021-444e38face",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/",
          "name" : "FEDORA-2021-35f06984d7",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/",
          "name" : "FEDORA-2021-fd66b2bd53",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.4.32",
          "versionEndExcluding" : "9.4.39",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:10.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:11.0.0:beta3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:11.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.7,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-01T15:15Z",
    "lastModifiedDate" : "2021-05-07T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3393",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-209"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1924005",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1924005",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "11.11",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.0",
          "versionEndExcluding" : "12.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "13.0",
          "versionEndExcluding" : "13.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-01T14:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-29251",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/btcpayserver/btcpayserver/releases/tag/v1.0.7.1",
          "name" : "https://github.com/btcpayserver/btcpayserver/releases/tag/v1.0.7.1",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "name" : "https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:btcpayserver:btcpay_server:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.0.7.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-04-01T05:15Z",
    "lastModifiedDate" : "2021-05-05T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21983",
        "ASSIGNER" : "security@vmware.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.vmware.com/security/advisories/VMSA-2021-0004.html",
          "name" : "https://www.vmware.com/security/advisories/VMSA-2021-0004.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:8.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmare:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 8.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 9.2,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-31T18:15Z",
    "lastModifiedDate" : "2021-05-05T14:23Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28657",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E",
          "name" : "[james-notifications] 20210501 [GitHub] [james-project] chibenwa opened a new pull request #414: [UPGRADE] Adopt Apache Tika 1.26",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0004/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0004/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.25",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-03-31T08:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21409",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-444"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
          "name" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "name" : "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
          "name" : "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
          "name" : "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4885",
          "name" : "DSA-4885",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E",
          "name" : "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.1.61",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.6.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.7.0",
          "versionEndExcluding" : "3.7.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-30T15:15Z",
    "lastModifiedDate" : "2021-05-06T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3466",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939127",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1939127",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/",
          "name" : "FEDORA-2021-6d5578e756",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/",
          "name" : "FEDORA-2021-d4149ff7fb",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/",
          "name" : "FEDORA-2021-5e10ad8c19",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.9.71",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-25T19:15Z",
    "lastModifiedDate" : "2021-05-05T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3450",
        "ASSIGNER" : "openssl-security@openssl.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-295"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b",
          "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b",
          "refsource" : "CONFIRM",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.openssl.org/news/secadv/20210325.txt",
          "name" : "https://www.openssl.org/news/secadv/20210325.txt",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd",
          "name" : "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
          "refsource" : "CISCO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210326-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20210326-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
          "name" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/03/27/1",
          "name" : "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/03/27/2",
          "name" : "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/03/28/3",
          "name" : "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/03/28/4",
          "name" : "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202103-03",
          "name" : "GLSA-202103-03",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2021-05",
          "name" : "https://www.tenable.com/security/tns-2021-05",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/",
          "name" : "FEDORA-2021-cbf14ab8f9",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2021-08",
          "name" : "https://www.tenable.com/security/tns-2021-08",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10356",
          "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10356",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html",
          "name" : "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.1.1h",
          "versionEndExcluding" : "1.1.1k",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "8.13.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.2.1",
          "versionEndIncluding" : "8.2.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.4,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-25T15:15Z",
    "lastModifiedDate" : "2021-05-06T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3409",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2021/03/09/1",
          "name" : "https://www.openwall.com/lists/oss-security/2021/03/09/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1928146",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1928146",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html",
          "name" : "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0001/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0001/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "5.2.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "LOW",
          "baseScore" : 5.7,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 3.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-23T21:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3392",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1924042",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1924042",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugs.launchpad.net/qemu/+bug/1914236",
          "name" : "https://bugs.launchpad.net/qemu/+bug/1914236",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html",
          "name" : "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0001/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0001/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.10.0",
          "versionEndIncluding" : "5.2.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 3.2,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-23T20:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20270",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1922136",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1922136",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pygments:pygments:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.5",
          "versionEndIncluding" : "2.7.3",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-23T17:15Z",
    "lastModifiedDate" : "2021-05-06T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26295",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210324 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0d97a3b7a14777b9e9e085b483629d2774343c4723236d1c73f43ff0@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210325 Comment out the SOAP and HTTP engines?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/reccf8c8a58337ce7c035495d3d82fbc549e97036a9789a2a7d9cccf6@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210325 Re: Comment out the SOAP and HTTP engines?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rec5e9fdcdca13099cfb29f632333f44ad1dd60d90f67b90434e4467a@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210329 Re: Comment out the SOAP and HTTP engines?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc9bd0d3d794dc370bc70585960841868cb29b92dcc80552b84ca2599@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3ee005dd767cd83f522719423f5e7dd316f168ddbd1dc51a13d4e244@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-6942) Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162104/Apache-OFBiz-SOAP-Java-Deserialization.html",
          "name" : "http://packetstormsecurity.com/files/162104/Apache-OFBiz-SOAP-Java-Deserialization.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbe512e5ccd6b11169c6379daa1234bc805f3d53c5a38224e956295ce@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "17.12.06",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-22T12:15Z",
    "lastModifiedDate" : "2021-05-03T17:45Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3416",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1932827",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1932827",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2021/02/26/1",
          "name" : "https://www.openwall.com/lists/oss-security/2021/02/26/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html",
          "name" : "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0002/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0002/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "5.2.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-18T20:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-28660",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7",
          "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/",
          "name" : "FEDORA-2021-bb755ed5e3",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html",
          "name" : "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0008/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0008/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "5.11.6",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-17T15:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27291",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce",
          "name" : "https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14",
          "name" : "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html",
          "name" : "[debian-lts-announce] 20210319 [SECURITY] [DLA 2600-1] pygments security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4878",
          "name" : "DSA-4878",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4889",
          "name" : "DSA-4889",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/",
          "name" : "FEDORA-2021-3f975f68c8",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/",
          "name" : "FEDORA-2021-166dfc62b2",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",
          "name" : "[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:pygments:pygments:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.1",
          "versionEndExcluding" : "2.7.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-17T13:15Z",
    "lastModifiedDate" : "2021-05-06T23:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-17525",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-476"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt",
          "name" : "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html",
          "name" : "[debian-lts-announce] 20210504 [SECURITY] [DLA 2646-1] subversion security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.9.0",
          "versionEndExcluding" : "1.10.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.11.0",
          "versionEndExcluding" : "1.14.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-17T10:15Z",
    "lastModifiedDate" : "2021-05-04T09:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27077",
        "ASSIGNER" : "secure@microsoft.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077",
          "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-287/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-287/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-403/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-403/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-482/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-482/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-494/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-494/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-495/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-495/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-496/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-496/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-497/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-497/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-498/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-498/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-499/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-499/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-500/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-500/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-501/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-501/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-11T16:15Z",
    "lastModifiedDate" : "2021-05-04T14:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27054",
        "ASSIGNER" : "secure@microsoft.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054",
          "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-507/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-507/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27053."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-03-11T16:15Z",
    "lastModifiedDate" : "2021-05-05T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1640",
        "ASSIGNER" : "secure@microsoft.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640",
          "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-493/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-493/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26878."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-11T16:15Z",
    "lastModifiedDate" : "2021-05-04T14:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20205",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-369"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1937385",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1937385",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TM3AHZEYGYFEDL6AW5RLEAJNVRWEJDFL/",
          "name" : "FEDORA-2021-7de3c2fe57",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMLEY6HLVZAGXIOGGPPUAMRJUA6LB3FD/",
          "name" : "FEDORA-2021-94e37443bb",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.90:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-03-10T17:15Z",
    "lastModifiedDate" : "2021-05-04T19:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21300",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-59"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592",
          "name" : "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://git-scm.com/docs/gitattributes#_filter",
          "name" : "https://git-scm.com/docs/gitattributes#_filter",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm",
          "name" : "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/",
          "name" : "https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks",
          "name" : "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/03/09/3",
          "name" : "[oss-security] 20210309 git: malicious repositories can execute remote code while cloning",
          "refsource" : "MLIST",
          "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/",
          "name" : "FEDORA-2021-63fcbd126e",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/",
          "name" : "FEDORA-2021-ffd0b2108d",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/",
          "name" : "FEDORA-2021-03e61a6647",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212320",
          "name" : "https://support.apple.com/kb/HT212320",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/60",
          "name" : "20210427 APPLE-SA-2021-04-26-10 Xcode 12.5",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-01",
          "name" : "GLSA-202104-01",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "2.14.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.17.0",
          "versionEndExcluding" : "2.17.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.18.0",
          "versionEndExcluding" : "2.18.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.19.0",
          "versionEndExcluding" : "2.19.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.20.0",
          "versionEndExcluding" : "2.20.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.21.0",
          "versionEndExcluding" : "2.21.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.22.0",
          "versionEndExcluding" : "2.22.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.23.0",
          "versionEndExcluding" : "2.23.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.24.0",
          "versionEndExcluding" : "2.24.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.25.0",
          "versionEndExcluding" : "2.25.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.26.0",
          "versionEndExcluding" : "2.26.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:2.27.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:2.28.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.29.0",
          "versionEndExcluding" : "2.29.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.30.0",
          "versionEndExcluding" : "2.30.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "12.5",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "11.0",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.1
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 4.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-03-09T20:15Z",
    "lastModifiedDate" : "2021-05-05T14:23Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20255",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1930646",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1930646",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2021/02/25/1",
          "name" : "https://www.openwall.com/lists/oss-security/2021/02/25/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1",
          "name" : "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html",
          "name" : "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0003/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0003/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-09T20:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35524",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22",
          "name" : "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1932044",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1932044",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://gitlab.com/libtiff/libtiff/-/merge_requests/159",
          "name" : "https://gitlab.com/libtiff/libtiff/-/merge_requests/159",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4869",
          "name" : "DSA-4869",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/",
          "name" : "FEDORA-2021-1bf4f2f13a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-06",
          "name" : "GLSA-202104-06",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.2.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-03-09T20:15Z",
    "lastModifiedDate" : "2021-05-05T15:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-21295",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-444"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
          "name" : "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/Netflix/zuul/pull/980",
          "name" : "https://github.com/Netflix/zuul/pull/980",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4",
          "name" : "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E",
          "name" : "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E",
          "name" : "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 & CVE-2021-21290",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 & CVE-2021-21290",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E",
          "name" : "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210331 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210331 [jira] [Assigned] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr opened a new pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210331 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr commented on pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] eolivelli commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3Cnotifications.zookeeper.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210331 [zookeeper] branch master updated: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad closed pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] asfgit closed pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4272 ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210331 [jira] [Resolved] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210401 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210401 [jira] [Commented] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] HorizonNet commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [jira] [Assigned] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8@%3Ccommits.hbase.apache.org%3E",
          "name" : "[hbase-commits] 20210402 [hbase-thirdparty] branch master updated: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295 (#48)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell merged pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd@%3Cdev.hbase.apache.org%3E",
          "name" : "[hbase-dev] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210402 [jira] [Assigned] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4885",
          "name" : "DSA-4885",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E",
          "name" : "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "4.1.60",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.6
        },
        "severity" : "LOW",
        "exploitabilityScore" : 4.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-09T19:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20263",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-281"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2021/03/08/1",
          "name" : "https://www.openwall.com/lists/oss-security/2021/03/08/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1933668",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1933668",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210507-0002/",
          "name" : "https://security.netapp.com/advisory/ntap-20210507-0002/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.0.0",
          "versionEndExcluding" : "5.2.50",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-09T18:15Z",
    "lastModifiedDate" : "2021-05-07T05:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22134",
        "ASSIGNER" : "security@elastic.co"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://discuss.elastic.co/t/elastic-stack-7-11-0-security-update/265835",
          "name" : "https://discuss.elastic.co/t/elastic-stack-7-11-0-security-update/265835",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210430-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20210430-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.6.0",
          "versionEndIncluding" : "7.11.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-08T21:15Z",
    "lastModifiedDate" : "2021-05-05T13:28Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35636",
        "ASSIGNER" : "talos-cna@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/",
          "name" : "FEDORA-2021-0d42c7cb33",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/",
          "name" : "FEDORA-2021-9de542ab4c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-04T20:15Z",
    "lastModifiedDate" : "2021-05-05T07:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-35628",
        "ASSIGNER" : "talos-cna@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "refsource" : "MISC",
          "tags" : [ "Technical Description", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/",
          "name" : "FEDORA-2021-0d42c7cb33",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/",
          "name" : "FEDORA-2021-9de542ab4c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-04T20:15Z",
    "lastModifiedDate" : "2021-05-05T07:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28636",
        "ASSIGNER" : "talos-cna@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "refsource" : "MISC",
          "tags" : [ "Technical Description", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/",
          "name" : "FEDORA-2021-0d42c7cb33",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/",
          "name" : "FEDORA-2021-9de542ab4c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-04T20:15Z",
    "lastModifiedDate" : "2021-05-05T07:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28601",
        "ASSIGNER" : "talos-cna@cisco.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225",
          "refsource" : "MISC",
          "tags" : [ "Technical Description", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/",
          "name" : "FEDORA-2021-0d42c7cb33",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/",
          "name" : "FEDORA-2021-9de542ab4c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html",
          "name" : "[debian-lts-announce] 20210505 [SECURITY] [DLA 2649-1] cgal security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-04T20:15Z",
    "lastModifiedDate" : "2021-05-05T07:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26813",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/trentm/python-markdown2/pull/387",
          "name" : "https://github.com/trentm/python-markdown2/pull/387",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/",
          "name" : "FEDORA-2021-0337384e41",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/",
          "name" : "FEDORA-2021-e235a0da4a",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/",
          "name" : "FEDORA-2021-77191478ad",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:markdown2_project:markdown2:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.0.1.18",
          "versionEndExcluding" : "2.4.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-03T16:15Z",
    "lastModifiedDate" : "2021-05-10T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25315",
        "ASSIGNER" : "security@suse.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-303"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1182382",
          "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1182382",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "3002.2:",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:opensuse:tumbleweed:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp3:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-03T10:15Z",
    "lastModifiedDate" : "2021-05-06T15:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22187",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/300452",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/300452",
          "refsource" : "MISC",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22187.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22187.json",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
          "versionEndExcluding" : "12.6.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
          "versionEndExcluding" : "12.6.7",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 4.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-02T19:15Z",
    "lastModifiedDate" : "2021-05-04T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-3332",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
          "name" : "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:wpserveur:wps_hide_login:1.6.1:*:*:*:*:wordpress:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-03-01T21:15Z",
    "lastModifiedDate" : "2021-05-05T18:30Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-27223",
        "ASSIGNER" : "security@eclipse.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128",
          "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
          "name" : "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69ea417c04cba57f49ea@%3Cuser.karaf.apache.org%3E",
          "name" : "[karaf-user] 20210301 Re: Jetty security defect",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a810780ce74d022b6c@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1ce9150fc9987f65409@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e@%3Ccommits.kafka.apache.org%3E",
          "name" : "[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c@%3Ccommits.kafka.apache.org%3E",
          "name" : "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c@%3Ccommits.kafka.apache.org%3E",
          "name" : "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7cdc481650dc601dbc@%3Cgitbox.activemq.apache.org%3E",
          "name" : "[activemq-gitbox] 20210303 [GitHub] [activemq] ehossack-aws opened a new pull request #616: Upgrade to Jetty 9.4.38.v20210224",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed2595477e288286ee82c48d@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7843abed9c5fe0fef8@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e4119bf41bdc613eec01@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62b9c8a6f768f2c6b86@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd25cf574e91e2f2dff@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f40e0b1e62b101c9522@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210307 [jira] [Created] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b76609ec74772c9567@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210307 [jira] [Updated] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2dbfd6c9d6d13f5447@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b816c2917d5f3497f8f0@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d370852074489d51825fdc0d77f0f@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210308 [GitHub] [zookeeper] arshadmohammad commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb84de1c58de9b95c176@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210308 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260d3afcb42bfb3b316b@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e78560944fc36db0bdc760@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1625: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a833e77f971d2691c6@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg closed pull request #1624: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on a change in pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460c2f364f13dca7050b@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818ed8db986bb2732f7c@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210309 [GitHub] [zookeeper] arshadmohammad commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aabedc0f20a48ea1d68@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210310 [jira] [Resolved] (ZOOKEEPER-4233) dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d19731bd72277fc7ea428@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7.0 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f3765065201da5bc3db9a4dd6e8@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210310 [zookeeper] branch master updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef007e59fdc2592091a@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210310 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307fe1dc3042514659ae@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210310 [GitHub] [zookeeper] asfgit closed pull request #1623: ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d69606f0304b7c8a994c7@%3Cissues.nifi.apache.org%3E",
          "name" : "[nifi-issues] 20210310 [jira] [Created] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320@%3Cusers.solr.apache.org%3E",
          "name" : "[solr-users] 20210310 Does CVE-2020-27223 impact Solr 8.6.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243@%3Cdev.lucene.apache.org%3E",
          "name" : "[lucene-dev] 20210310 Does CVE-2020-27223 impact Solr 8.6.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f@%3Cissues.nifi.apache.org%3E",
          "name" : "[nifi-issues] 20210310 [jira] [Resolved] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080@%3Cdev.lucene.apache.org%3E",
          "name" : "[lucene-dev] 20210310 Re: Does CVE-2020-27223 impact Solr 8.6.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d981102548fb3102fb@%3Cissues.nifi.apache.org%3E",
          "name" : "[nifi-issues] 20210310 [jira] [Commented] (NIFI-8309) Update to latest Jetty due to reported CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c2cdc1d193c03b4182@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210315 [jira] [Assigned] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6ed1fc52e099c79463@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210315 [jira] [Created] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525cab72d368e5cfb6f61@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210315 [jira] [Commented] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49a0745913b1194d11e@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210315 [GitHub] [spark] AmplabJenkins commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f650b9e69ea9fa11c9f9@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f75371afedf8124b943283@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210315 [jira] [Updated] (SPARK-34752) Upgrade Jetty to 9.3.37 to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210315 [GitHub] [spark] xkrogen opened a new pull request #31846: [SPARK-34752] Bump Jetty to 9.4.37 to address CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264f0cca5c47710d7bb3@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon closed pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02b84c4bb2138a4abf2@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210315 [GitHub] [spark] HyukjinKwon commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d260dbcd2d14e041614a@%3Cissues.spark.apache.org%3E",
          "name" : "[spark-issues] 20210315 [jira] [Resolved] (SPARK-34752) Upgrade Jetty to 9.4.37 to fix CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d806cfe4c490a45ad8@%3Creviews.spark.apache.org%3E",
          "name" : "[spark-reviews] 20210316 [GitHub] [spark] xkrogen commented on pull request #31846: [SPARK-34752][BUILD] Bump Jetty to 9.4.37 to address CVE-2020-27223",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210401-0005/",
          "name" : "https://security.netapp.com/advisory/ntap-20210401-0005/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210407 [jira] [Created] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b59db3fecbbde33b211@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210507 [jira] [Updated] (SOLR-15325) High security vulnerability in Jetty library bundled within Solr - CVE-2020-27223 (+1)",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.4.7",
          "versionEndExcluding" : "9.4.36",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:9.4.36:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:9.4.36:20210114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:10.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:nifi:1.13.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:spark:3.1.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-02-26T22:15Z",
    "lastModifiedDate" : "2021-05-07T16:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-27568",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-754"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/netplex/json-smart-v2/issues/60",
          "name" : "https://github.com/netplex/json-smart-v2/issues/60",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/netplex/json-smart-v1/issues/7",
          "name" : "https://github.com/netplex/json-smart-v1/issues/7",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:json-smart_project:json-smart-v1:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.3.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.3.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.4",
          "versionEndExcluding" : "2.4.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.1,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-02-23T02:15Z",
    "lastModifiedDate" : "2021-05-04T13:58Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-23336",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-444"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "name" : "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/python/cpython/pull/24297",
          "name" : "https://github.com/python/cpython/pull/24297",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "name" : "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "refsource" : "MISC",
          "tags" : [ "Technical Description", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/02/19/4",
          "name" : "[oss-security] 20210219 Django security releases: CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()``",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html",
          "name" : "[debian-lts-announce] 20210219 [SECURITY] [DLA 2569-1] python-django security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/",
          "name" : "FEDORA-2021-7547ad987f",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/",
          "name" : "FEDORA-2021-f4fd9372c7",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/",
          "name" : "FEDORA-2021-7d3a9004e2",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/",
          "name" : "FEDORA-2021-3352c1c802",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/",
          "name" : "FEDORA-2021-907f3bacae",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/",
          "name" : "FEDORA-2021-7c1bb32d13",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/",
          "name" : "FEDORA-2021-b1843407ca",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/",
          "name" : "FEDORA-2021-2897f5366c",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/",
          "name" : "FEDORA-2021-b326fcb83f",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/",
          "name" : "FEDORA-2021-1bb399a5af",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/",
          "name" : "FEDORA-2021-ef83e8525a",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/",
          "name" : "FEDORA-2021-b76ede8f4d",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/",
          "name" : "FEDORA-2021-309bc2e727",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/",
          "name" : "FEDORA-2021-e525e48886",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/",
          "name" : "FEDORA-2021-5a09621ebb",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/",
          "name" : "FEDORA-2021-e22bb0e548",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "name" : "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html",
          "name" : "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",
          "name" : "[debian-lts-announce] 20210417 [SECURITY] [DLA 2628-1] python2.7 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/",
          "name" : "FEDORA-2021-b6b6093b3a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202104-04",
          "name" : "GLSA-202104-04",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "name" : "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.6.13",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.7.0",
          "versionEndExcluding" : "3.7.10",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.8.0",
          "versionEndExcluding" : "3.8.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.9.0",
          "versionEndExcluding" : "3.9.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:inventory_collect_tool:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.2",
          "versionEndExcluding" : "2.2.19",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0",
          "versionEndExcluding" : "3.0.13",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.1",
          "versionEndExcluding" : "3.1.7",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 4.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "HIGH",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 4.9,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-02-15T13:15Z",
    "lastModifiedDate" : "2021-05-04T00:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13949",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3a1291a7ab8ee43db87cb0253371489810877028fc6e7c68dc640926@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r27b7d3d95ffa8498899ef1c9de553d469f8fe857640a3f6e58dba640@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r143ca388b0c83fe659db14be76889d50b453b0ee06f423181f736933@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r515e01a30443cfa2dbb355c44c63149869afd684fb7b0344c58fa67b@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r93f23f74315e009f4fb68ef7fc794dceee42cf87fe6613814dcd8c70@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd78cdd87d84499a404202f015f55935db3658bd0983ecec81e6b18c6@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd49d53b146d94a7d3a135f6b505589655ffec24ea470e345d31351bb@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3f3e1d562c528b4bafef2dde51f79dd444a4b68ef24920d68068b6f9@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2d180180f37c2ab5cebd711d080d01d8452efa8ad43c5d9cd7064621@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r89fdd39965efb7c6d22bc21c286d203252cea476e1782724aca0748e@%3Cuser.thrift.apache.org%3E",
          "name" : "[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbc5cad06a46d23253a3c819229efedecfc05f89ef53f5fdde77a86d6@%3Cuser.thrift.apache.org%3E",
          "name" : "[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Exploit", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7ae909438ff5a2ffed9211e6ab0bd926396fd0b1fc33f31a406ee704@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Exploit", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf603d25213cfff81d6727c259328846b366fd32a43107637527c9768@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6990c849aeafe65366794bfd002febd47b7ffa8cf3c059b400bbb11d@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r298a25228868ebc0943d56c8f3641212a0962d2dbcf1507d5860038e@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf741d08c7e0ab1542c81ea718467422bd01159ed284796a36ad88311@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r278e96edc4bc13efb2cb1620a73e48f569162b833c6bda3e6ea18b80@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r421a9a76811c1aed7637b5fe5376ab14c09ccdd7b70d5211d6e76d1e@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1fb2d26b81c64ce96c4fd42b9e6842ff315b02c36518213b6c057350@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210309 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r286e9a13d3ab0550042997219101cb87871834b8d5ec293b0c60f009@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210310 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r117d5d2b08d505b69558a2a31b0a1cf8990cd0385060b147e70e76a9@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210310 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2f6a547f226579f542eb08793631d1f2d47d7aed7e2f9d11a4e6af9f@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r449288f6a941a2585262e0f4454fdefe169d5faee33314f6f89fab30@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 opened a new pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3550b61639688e0efbc253c6c3e6358851c1f053109f1c149330b535@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 closed pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r890b8ec5203d70a59a6b1289420d46938d9029ed706aa724978789be@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2ed66a3823990306b742b281af1834b9bc85f98259c870b8ffb13d93@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210312 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r587b4a5bcbc290269df0906bafba074f3fe4e50d4e959212f56fa7ea@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210312 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcdf62ecd36e39e4ff9c61802eee4927ce9ecff1602eed1493977ef4c@%3Cuser.thrift.apache.org%3E",
          "name" : "[thrift-user] 20210312 Thrift 0.13 micro for CVE-2020-13949?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1504886a550426d3c05772c47b1a6350c3235e51fd1fdffbec43e974@%3Cuser.thrift.apache.org%3E",
          "name" : "[thrift-user] 20210312 RE: Thrift 0.13 micro for CVE-2020-13949?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf65df763f630163a3f620887efec082080555cee1adb0b8eaf2c7ddb@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210315 [GitHub] [hbase] saintstack commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdc8e0f92d06decaee5db58de4ded16d80016a7db2240a8db17225c49@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210315 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r191a9279e2863b68e5496ee4ecd8be0d4fe43b324b934f0d1f106e1d@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210316 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r850522c56c05aa06391546bdb530bb8fc3437f2b77d16e571ae73309@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 merged pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210317 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3e31ec7e8c39db7553be4f4fd4d27cf27c41f1ba9c985995c4ea9c5a@%3Cnotifications.thrift.apache.org%3E",
          "name" : "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 edited a comment on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3f97dbbbb1b2a7324521208bb595392853714e141a37b8f68d395835@%3Cnotifications.thrift.apache.org%3E",
          "name" : "[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 commented on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8dfbefcd606af6737b62461a45a9af9222040b62eab474ff2287cf75@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210318 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r668aed02e287c93403e0b8df16089011ee4a96afc8f479809f1fc07f@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210319 [jira] [Comment Edited] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra7371efd8363c1cd0f5331aafd359a808cf7277472b8616d7b392128@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210319 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf568168e7f83871969928c0379813da6d034485f8b20fa73884816d6@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r18732bb1343894143d68db58fe4c8f56d9cd221b37f1378ed7373372@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc896ce7761999b088f3adabcb99dde2102b6a66130b8eec6c8265eab@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc7a79b08822337c68705f16ee7ddcfd352313b836e78a4b86c7a7e3d@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6c5b7324274fd361b038c5cc316e99344b7ae20beae7163214fac14d@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rae95c2234b6644bfd666b2671a1b42a09f38514d0f27cca3c7d5d55a@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/race178e9500ab8a5a6112667d27c48559150cadb60f2814bc67c40af@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1456eab5f3768be69436d5b0a68b483eb316eb85eb3ef6eba156a302@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3de0e0c26d4bd00dd28cab27fb44fba11d1c1d20275f7cce71393dd1@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7597683cc8b87a31ec864835225a543dad112d7841bf1f17bf7eb8db@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfbb01bb85cdc2022f3b96bdc416dbfcb49a2855b3a340aa88b2e1de9@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9b51e7c253cb0989b4c03ed9f4e5f0478e427473357209ccc4d08ebf@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210325 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1dea91f0562e0a960b45b1c5635b2a47b258b77171334276bcf260a7@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb3574bc1036b577b265be510e6b208f0a5d5d84cd7198347dc8482df@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r409e296c890753296c544a74d4de0d4a3ce719207a5878262fa2bd71@%3Ccommits.hbase.apache.org%3E",
          "name" : "[hbase-commits] 20210324 [hbase] branch branch-2.2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3086)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb44ec04e5a9b1f87fef97bb5f054010cbfaa3b8586472a3a38a16fca@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 merged pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r699c031e6921b0ad0f943848e7ba1d0e88c953619d47908618998f76@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r74eb88b422421c65514c23cb9c2b2216efb9254317ea1b6a264fe6dc@%3Ccommits.hbase.apache.org%3E",
          "name" : "[hbase-commits] 20210325 [hbase] branch branch-2.3 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3085)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rada9d2244a66ede0be29afc5d5f178a209f9988db56b9b845d955741@%3Ccommits.hbase.apache.org%3E",
          "name" : "[hbase-commits] 20210324 [hbase] branch branch-2.4 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3084)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rad635e16b300cf434280001ee6ecd2ed2c70987bf16eb862bfa86e02@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210325 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra3f7f06a1759c8e2985ed24ae2f5483393c744c1956d661adc873f2c@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210325 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd370fdb419652c5219409b315a6349b07a7e479bd3f151e9a5671774@%3Ccommits.hbase.apache.org%3E",
          "name" : "[hbase-commits] 20210326 [hbase] branch branch-2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3083)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc48ab5455bdece9a4afab53ca0f1e4f742d5baacb241323454a87b4e@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210326 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 merged pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdcf00186c34d69826d9c6b1f010136c98b00a586136de0061f7d267e@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4fa53eacca2ac38904f38dc226caebb3f2f668b2da887f2fd416f4a7@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210326 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra9f7c755790313e1adb95d29794043fb102029e803daf4212ae18063@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E",
          "name" : "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r886b6d9a89b6fa0aafbf0a8f8f14351548d6c6f027886a3646dbd075@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb91c32194eb5006f0b0c8bcdbd512c13495a1b277d4d51d45687f036@%3Cissues.solr.apache.org%3E",
          "name" : "[solr-issues] 20210507 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r15eed5d21e16a5cce810c1e096ffcffc36cd08c2f78ce2f9b24b4a6a@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210510 [jira] [Assigned] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcace846f74ea9e2af2f7c30cef0796724aa74089f109c8029b850163@%3Cdev.hive.apache.org%3E",
          "name" : "[hive-dev] 20210510 [jira] [Created] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r635133a74fa07ef3331cae49a9a088365922266edd58099a6162a5d3@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210510 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "0.9.3",
          "versionEndIncluding" : "0.13.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-02-12T20:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-19005",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-415"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/autotrace/autotrace/commits/master",
          "name" : "https://github.com/autotrace/autotrace/commits/master",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/autotrace/autotrace/pull/40",
          "name" : "https://github.com/autotrace/autotrace/pull/40",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ/",
          "name" : "FEDORA-2021-cb871c9e6c",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:autotrace_project:autotrace:0.31.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-02-11T21:15Z",
    "lastModifiedDate" : "2021-05-10T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-19004",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/autotrace/autotrace/commits/master",
          "name" : "https://github.com/autotrace/autotrace/commits/master",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c",
          "name" : "https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/autotrace/autotrace/pull/40",
          "name" : "https://github.com/autotrace/autotrace/pull/40",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ/",
          "name" : "FEDORA-2021-cb871c9e6c",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:autotrace_project:autotrace:0.31.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "LOW",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-02-11T21:15Z",
    "lastModifiedDate" : "2021-05-10T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-22881",
        "ASSIGNER" : "cve-assignments@hackerone.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-601"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://hackerone.com/reports/1047447",
          "name" : "https://hackerone.com/reports/1047447",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130",
          "name" : "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130",
          "refsource" : "MISC",
          "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/",
          "name" : "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/",
          "name" : "FEDORA-2021-b571fca1b8",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/05/2",
          "name" : "[oss-security] 20210505 [CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.0.0",
          "versionEndExcluding" : "6.0.3.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.1.0",
          "versionEndExcluding" : "6.1.2.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-02-11T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26676",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2021/02/08/2",
          "name" : "https://www.openwall.com/lists/oss-security/2021/02/08/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1181751",
          "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1181751",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog",
          "name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa",
          "name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1",
          "name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html",
          "name" : "[debian-lts-announce] 20210209 [SECURITY] [DLA 2552-1] connman security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4847",
          "name" : "DSA-4847",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://kunnamon.io/tbone/",
          "name" : "https://kunnamon.io/tbone/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.39",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.5,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-02-09T16:15Z",
    "lastModifiedDate" : "2021-05-05T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26675",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2021/02/08/2",
          "name" : "https://www.openwall.com/lists/oss-security/2021/02/08/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1181751",
          "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1181751",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog",
          "name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb",
          "name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html",
          "name" : "[debian-lts-announce] 20210209 [SECURITY] [DLA 2552-1] connman security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4847",
          "name" : "DSA-4847",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://kunnamon.io/tbone/",
          "name" : "https://kunnamon.io/tbone/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:connman:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.39",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 6.5,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-02-09T16:15Z",
    "lastModifiedDate" : "2021-05-05T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-17523",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5b93ddf97e2c4cda779d22fab30539bdec454cfa5baec4ad0ffae235@%3Cgitbox.activemq.apache.org%3E",
          "name" : "[activemq-gitbox] 20210210 [GitHub] [activemq] ehossack-aws opened a new pull request #614: Update shiro to 1.7.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd4b613e121438b97e3eb263cac3137caddb1dbd8f648b73a4f1898a6@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210301 [jira] [Created] (AMQ-8159) High severity security issues found in Apache Shiro v.1.7.0",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210331 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210407 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r679ca97813384bdb1a4c087810ba44d9ad9c7c11583979bb7481d196@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210424 Re: Ask help for upgrading Shiro in CDH platform to 1.7.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E",
          "name" : "[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210504 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.7.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 8.5,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-02-03T17:15Z",
    "lastModifiedDate" : "2021-05-05T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-25646",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/01/29/6",
          "name" : "[oss-security] 20210129 CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d@%3Cdev.druid.apache.org%3E",
          "name" : "[druid-dev] 20210129 Re: [druid-user] Re: CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc167d5e57f3120578718a7a458ce3e73b3830ac4efbb1b085bd06b92@%3Cdev.druid.apache.org%3E",
          "name" : "[druid-dev] 20210129 Re: CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r20e0c3b10ae2c05a3aad40f1476713c45bdefc32c920b9986b941d8f@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210129 Subject: [CVE-2021-25646] Apache Druid remote code execution vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r121abe8014d381943b63c60615149d40bde9dc1c868bcee90d0d0848@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210204 [GitHub] [druid] jihoonson opened a new pull request #10854: [Backport] Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rea9436a4063927a567d698431ddae55e760c3f876c22ac5b9813685f@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210204 [GitHub] [druid] jihoonson commented on pull request #10818: Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r04fa1ba93599487c95a8497044d37f8c02a439bfcf92b4567bfb7c8f@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210204 [GitHub] [druid] jihoonson merged pull request #10854: [Backport] Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfeb775822cd3baef1595b60f6860f5ca849eb1903236483f3297bd5c@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210204 [druid] branch 0.21.0 updated: Fix CVE-2021-25646 (#10818) (#10854)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4f84b542417ea46202867c0a8b3eaf3b4cfed30e09174a52122ba210@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210204 [GitHub] [druid] jihoonson merged pull request #10818: Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra4225912f501016bc5e0ac44e14b8d6779173a3a1dc7baacaabcc9ba@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210205 [GitHub] [druid] jihoonson commented on pull request #10818: Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7dff4790e7a5c697fc0360adf11f5aeb31cd6ad80644fffee690673c@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210205 [GitHub] [druid] jihoonson merged pull request #10818: Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5ef625076982aee7d23c23f07717e626b73f421fba5154d1e4de15e1@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210205 [GitHub] [druid] jihoonson merged pull request #10854: [Backport] Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E",
          "name" : "[druid-dev] 20210331 Regarding the 0.21.0 release",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r87aa94e28dd21ee2252d30c63f01ab9cb5474ee5bdd98dd8d7d734aa@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210205 [GitHub] [druid] jihoonson opened a new pull request #10854: [Backport] Fix CVE-2021-25646",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "0.20.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-29T20:15Z",
    "lastModifiedDate" : "2021-05-05T13:27Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-26117",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA@mail.gmail.com%3e",
          "name" : "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA@mail.gmail.com%3e",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6@%3Ccommits.activemq.apache.org%3E",
          "name" : "[activemq-commits] 20210128 [activemq-website] branch master updated: CVE-2021-26117 - add mitigation section",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210128 CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E",
          "name" : "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210304-0008/",
          "name" : "https://security.netapp.com/advisory/ntap-20210304-0008/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html",
          "name" : "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7@%3Cgitbox.activemq.apache.org%3E",
          "name" : "[activemq-gitbox] 20210323 [GitHub] [activemq-artemis] trevorlinton opened a new pull request #3515: Update activmq5 version to fix CVE-2021-26117",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac@%3Cgitbox.activemq.apache.org%3E",
          "name" : "[activemq-gitbox] 20210409 [GitHub] [activemq-artemis] brusdev closed pull request #3515: Update activmq5 version to fix CVE-2021-26117",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b@%3Cgitbox.activemq.apache.org%3E",
          "name" : "[activemq-gitbox] 20210409 [GitHub] [activemq-artemis] brusdev commented on pull request #3515: Update activmq5 version to fix CVE-2021-26117",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210421 [jira] [Created] (AMQ-8245) CVE-2021-26117 on AMQ 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210421 [jira] [Created] (AMQ-8246) CVE-2021-26117 still exists on 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210421 [jira] [Created] (AMQ-8244) CVE-2021-26117 on AMQ 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210421 [jira] [Updated] (AMQ-8246) CVE-2021-26117 still exists on 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210509 [jira] [Commented] (AMQ-8246) CVE-2021-26117 still exists on 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210509 [jira] [Deleted] (AMQ-8244) CVE-2021-26117 on AMQ 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863@%3Cissues.activemq.apache.org%3E",
          "name" : "[activemq-issues] 20210509 [jira] [Deleted] (AMQ-8245) CVE-2021-26117 on AMQ 5.16.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.15.0",
          "versionEndExcluding" : "5.15.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.16.0",
          "versionEndExcluding" : "5.16.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.16.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-27T19:15Z",
    "lastModifiedDate" : "2021-05-09T17:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-20190",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FasterXML/jackson-databind/issues/2854",
          "name" : "https://github.com/FasterXML/jackson-databind/issues/2854",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1916633",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1916633",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210219-0008/",
          "name" : "https://security.netapp.com/advisory/ntap-20210219-0008/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E",
          "name" : "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html",
          "name" : "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.9.0",
          "versionEndExcluding" : "2.9.10.7",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.7.0",
          "versionEndIncluding" : "1.12.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 8.3
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 8.5,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-19T17:15Z",
    "lastModifiedDate" : "2021-05-05T12:49Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2021-1648",
        "ASSIGNER" : "secure@microsoft.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1648",
          "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1648",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-504/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-21-504/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Microsoft splwow64 Elevation of Privilege Vulnerability"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-12T20:15Z",
    "lastModifiedDate" : "2021-05-03T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36183",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FasterXML/jackson-databind/issues/3003",
          "name" : "https://github.com/FasterXML/jackson-databind/issues/3003",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
          "name" : "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210205-0005/",
          "name" : "https://security.netapp.com/advisory/ntap-20210205-0005/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html",
          "name" : "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.9.0",
          "versionEndExcluding" : "2.9.10.8",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-07T00:15Z",
    "lastModifiedDate" : "2021-05-05T15:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-36180",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-502"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FasterXML/jackson-databind/issues/3004",
          "name" : "https://github.com/FasterXML/jackson-databind/issues/3004",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
          "name" : "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210205-0005/",
          "name" : "https://security.netapp.com/advisory/ntap-20210205-0005/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html",
          "name" : "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.9.0",
          "versionEndExcluding" : "2.9.10.8",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-07T00:15Z",
    "lastModifiedDate" : "2021-05-05T15:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-27841",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1907510",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1907510",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/",
          "name" : "FEDORA-2020-d32853a28d",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202101-29",
          "name" : "GLSA-202101-29",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html",
          "name" : "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4882",
          "name" : "DSA-4882",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.4.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2021-01-05T18:15Z",
    "lastModifiedDate" : "2021-05-05T12:54Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-25013",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b",
          "name" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/",
          "name" : "FEDORA-2021-6feb090c97",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "name" : "FEDORA-2021-6e581c051a",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "name" : "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "2.32",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:baseboard_management_controller_a250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:baseboard_management_controller_a250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:baseboard_management_controller_500f_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:baseboard_management_controller_500f:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:kafka:2.6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.1
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2021-01-04T18:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-14874",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-documents.html",
          "name" : "https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-documents.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Identity and Access Management accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Identity and Access Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Cloud Infrastructure Identity and Access Management."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:cloud_infrastructure_identity_and_access_management:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "LOW",
          "baseScore" : 4.7,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 3.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-22T22:15Z",
    "lastModifiedDate" : "2021-05-10T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8286",
        "ASSIGNER" : "cve-assignments@hackerone.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-295"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://hackerone.com/reports/1048457",
          "name" : "https://hackerone.com/reports/1048457",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://curl.se/docs/CVE-2020-8286.html",
          "name" : "https://curl.se/docs/CVE-2020-8286.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
          "name" : "FEDORA-2020-ceaf490686",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
          "name" : "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
          "name" : "FEDORA-2020-7ab62c73bc",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202012-14",
          "name" : "GLSA-202012-14",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210122-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210122-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4881",
          "name" : "DSA-4881",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212325",
          "name" : "https://support.apple.com/kb/HT212325",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212326",
          "name" : "https://support.apple.com/kb/HT212326",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/51",
          "name" : "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.41.0",
          "versionEndExcluding" : "7.74.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndExcluding" : "11.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-14T20:15Z",
    "lastModifiedDate" : "2021-05-03T20:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8285",
        "ASSIGNER" : "cve-assignments@hackerone.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          }, {
            "lang" : "en",
            "value" : "CWE-674"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://curl.se/docs/CVE-2020-8285.html",
          "name" : "https://curl.se/docs/CVE-2020-8285.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://hackerone.com/reports/1045844",
          "name" : "https://hackerone.com/reports/1045844",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required" ]
        }, {
          "url" : "https://github.com/curl/curl/issues/6255",
          "name" : "https://github.com/curl/curl/issues/6255",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
          "name" : "FEDORA-2020-ceaf490686",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
          "name" : "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
          "name" : "FEDORA-2020-7ab62c73bc",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202012-14",
          "name" : "GLSA-202012-14",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210122-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210122-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4881",
          "name" : "DSA-4881",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212325",
          "name" : "https://support.apple.com/kb/HT212325",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212326",
          "name" : "https://support.apple.com/kb/HT212326",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/51",
          "name" : "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.21.0",
          "versionEndExcluding" : "7.74.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndExcluding" : "11.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-14T20:15Z",
    "lastModifiedDate" : "2021-05-03T20:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8284",
        "ASSIGNER" : "cve-assignments@hackerone.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://hackerone.com/reports/1040166",
          "name" : "https://hackerone.com/reports/1040166",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required" ]
        }, {
          "url" : "https://curl.se/docs/CVE-2020-8284.html",
          "name" : "https://curl.se/docs/CVE-2020-8284.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/",
          "name" : "FEDORA-2020-ceaf490686",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html",
          "name" : "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/",
          "name" : "FEDORA-2020-7ab62c73bc",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202012-14",
          "name" : "GLSA-202012-14",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210122-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210122-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2021/dsa-4881",
          "name" : "DSA-4881",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://support.apple.com/kb/HT212325",
          "name" : "https://support.apple.com/kb/HT212325",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://support.apple.com/kb/HT212326",
          "name" : "https://support.apple.com/kb/HT212326",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "7.73.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.7,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-14T20:15Z",
    "lastModifiedDate" : "2021-05-07T02:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-7791",
        "ASSIGNER" : "report@snyk.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/turquoiseowl/i18n/issues/387",
          "name" : "https://github.com/turquoiseowl/i18n/issues/387",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/turquoiseowl/i18n/commit/c418e3345313dc896c1951d8c46ab0b9b12fcbd3",
          "name" : "https://github.com/turquoiseowl/i18n/commit/c418e3345313dc896c1951d8c46ab0b9b12fcbd3",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-DOTNET-I18N-1050179",
          "name" : "https://snyk.io/vuln/SNYK-DOTNET-I18N-1050179",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc2abba7aa0450198494bbee654fce9b97fad72a4989323e189faede4@%3Cdev.myfaces.apache.org%3E",
          "name" : "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #821: build: CVE fix",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9744574911e7e4edf5f4eeae92a4ccc83e3723cec937950062bb8775@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] maytasm opened a new pull request #11215: Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r394b1ae54693609a60ea8aab02ff045dc92f593aa3aebff562e69958@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] maytasm merged pull request #11215: Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra5047392edf1fecba441c9adc8807ed6c5f7d2cc71f2f3bb89f35371@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] clintropolis opened a new pull request #11217: [Backport] Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc850d0fce066f9eb9e8553172d9207bad7df4d2059d93abc5c7e85c4@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210507 [GitHub] [druid] clintropolis commented on pull request #11217: [Backport] Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1573c58dc283b05f7a40a3f5ff0079b5bbde0492d406ee0fe98d40b6@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210507 [GitHub] [druid] clintropolis merged pull request #11217: [Backport] Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:asp.net:*:*",
          "versionEndExcluding" : "2.1.15",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-11T17:15Z",
    "lastModifiedDate" : "2021-05-07T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-17515",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515",
          "refsource" : "MLIST",
          "tags" : [ "Issue Tracking", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter",
          "refsource" : "MLIST",
          "tags" : [ "Issue Tracking", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E",
          "name" : "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/12/11/2",
          "name" : "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "name" : "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.10.13",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-12-11T14:15Z",
    "lastModifiedDate" : "2021-05-04T00:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8908",
        "ASSIGNER" : "security@google.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40",
          "name" : "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/google/guava/issues/4011",
          "name" : "https://github.com/google/guava/issues/4011",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415",
          "name" : "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E",
          "name" : "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E",
          "name" : "[ws-commits] 20210104 [ws-wss4j] branch master updated: Updating Guava to 30.1 due to CVE-2020-8908",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E",
          "name" : "[cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E",
          "name" : "[cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E",
          "name" : "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E",
          "name" : "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E",
          "name" : "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E",
          "name" : "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "30.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.11.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-10T23:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-25693",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          }, {
            "lang" : "en",
            "value" : "CWE-190"
          }, {
            "lang" : "en",
            "value" : "CWE-122"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1893377",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1893377",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/",
          "name" : "FEDORA-2021-ca1151e997",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZ3NPLYXZWEL7HETIFZVCXEZZ2WYYRWA/",
          "name" : "FEDORA-2021-bc6585e31a",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERBZALTF7LXN2LZLPGAUSVMV53GHHTUC/",
          "name" : "FEDORA-2021-2aaba884af",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.9.3",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-12-03T17:15Z",
    "lastModifiedDate" : "2021-05-05T13:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-25649",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-611"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/FasterXML/jackson-databind/issues/2589",
          "name" : "https://github.com/FasterXML/jackson-databind/issues/2589",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E",
          "name" : "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E",
          "name" : "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20210108-0007/",
          "name" : "https://security.netapp.com/advisory/ntap-20210108-0007/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/",
          "name" : "FEDORA-2021-1d8254899c",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E",
          "name" : "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E",
          "name" : "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E",
          "name" : "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E",
          "name" : "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E",
          "name" : "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E",
          "name" : "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E",
          "name" : "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E",
          "name" : "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E",
          "name" : "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E",
          "name" : "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E",
          "name" : "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.6.0",
          "versionEndExcluding" : "2.6.7.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.9.0",
          "versionEndExcluding" : "2.9.10.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.10.0",
          "versionEndExcluding" : "2.10.5.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.6.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-03T17:15Z",
    "lastModifiedDate" : "2021-05-03T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-14383",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.samba.org/samba/security/CVE-2020-14383.html",
          "name" : "https://www.samba.org/samba/security/CVE-2020-14383.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1892636",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1892636",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202012-24",
          "name" : "GLSA-202012-24",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.0.0",
          "versionEndExcluding" : "4.11.15",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.12.0",
          "versionEndExcluding" : "4.12.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.13.0",
          "versionEndExcluding" : "4.13.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-12-02T01:15Z",
    "lastModifiedDate" : "2021-05-05T12:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-28928",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://www.openwall.com/lists/oss-security/2020/11/20/4",
          "name" : "http://www.openwall.com/lists/oss-security/2020/11/20/4",
          "refsource" : "CONFIRM",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://musl.libc.org/releases.html",
          "name" : "https://musl.libc.org/releases.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html",
          "name" : "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E",
          "name" : "[apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E",
          "name" : "[apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E",
          "name" : "[apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.2.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-24T18:15Z",
    "lastModifiedDate" : "2021-05-04T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13942",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-74"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://unomi.apache.org./security/cve-2020-13942.txt",
          "name" : "N/A",
          "refsource" : "CONFIRM",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E",
          "name" : "[unomi-users] 20201124 Apache Unomi 1.5.4 Release",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cdev.unomi.apache.org%3E",
          "name" : "[unomi-dev] 20201124 Apache Unomi 1.5.4 Release",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcb6d2eafcf15def433aaddfa06738e5faa5060cef2647769e178999a@%3Cusers.unomi.apache.org%3E",
          "name" : "[unomi-users] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcb6d2eafcf15def433aaddfa06738e5faa5060cef2647769e178999a@%3Cdev.unomi.apache.org%3E",
          "name" : "[unomi-dev] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/11/24/5",
          "name" : "[oss-security] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r08a4057ff7196b8880117edaa4b6207cbd36ed692d8dd1f5a56b4d0f@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20201124 CVE-2020-13942: Remote Code Execution in Apache Unomi",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://advisory.checkmarx.net/advisory/CX-2020-4284",
          "name" : "https://advisory.checkmarx.net/advisory/CX-2020-4284",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460@%3Ccommits.unomi.apache.org%3E",
          "name" : "[unomi-commits] 20210428 svn commit: r1889256 - in /unomi/website: contribute-release-guide.html documentation.html download.html index.html security/cve-2021-31164.txt",
          "refsource" : "MLIST",
          "tags" : [ "Exploit", "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.5.0",
          "versionEndExcluding" : "1.5.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-24T18:15Z",
    "lastModifiedDate" : "2021-05-05T13:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11209",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "name" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "name" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda855:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd855:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd429:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd439:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-12T10:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11208",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-191"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "name" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "name" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda855:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd855:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd675:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd429:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sd439:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-12T10:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11207",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "name" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "name" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8052:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8056:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8096_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8096:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8952_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8952:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8956_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8956:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8976_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8976:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8976sg_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8976sg:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996sg_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996sg:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcm4290:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda855:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm830:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm4250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm4250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6115:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6115p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6350:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7225:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sxr2130p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-12T10:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11206",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "name" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "name" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcm4290:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qsm8350:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda855:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm830:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm4250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm4250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6115:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6115p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6350:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7225:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8350:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8350p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sxr2130p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-12T10:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11202",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "name" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "name" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda670_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda670:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm830:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-12T10:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11201",
        "ASSIGNER" : "product-security@qualcomm.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "name" : "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "name" : "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "name" : "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm640:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm830:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-12T10:15Z",
    "lastModifiedDate" : "2021-05-10T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-0454",
        "ASSIGNER" : "security@android.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-732"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://source.android.com/security/bulletin/2020-11-01",
          "name" : "https://source.android.com/security/bulletin/2020-11-01",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.usenix.org/conference/usenixsecurity19/presentation/reardon",
          "name" : "https://www.usenix.org/conference/usenixsecurity19/presentation/reardon",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://www.usenix.org/system/files/sec19-reardon.pdf",
          "name" : "https://www.usenix.org/system/files/sec19-reardon.pdf",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-10T13:15Z",
    "lastModifiedDate" : "2021-05-05T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-17510",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-306"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r95bdf3703858b5f958b5e190d747421771b430d97095880db91980d6@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20201105 [CVE-2020-17510] Apache Shiro 1.7.0 released",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201221 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201222 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210130 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210316 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210331 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210407 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210504 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.7.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-05T21:15Z",
    "lastModifiedDate" : "2021-05-05T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8037",
        "ASSIGNER" : "security@tcpdump.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-770"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231",
          "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html",
          "name" : "[debian-lts-announce] 20201110 [SECURITY] [DLA 2444-1] tcpdump security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/",
          "name" : "FEDORA-2020-fae2e1f2bc",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/",
          "name" : "FEDORA-2020-c5e78886d6",
          "refsource" : "FEDORA",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212327",
          "name" : "https://support.apple.com/kb/HT212327",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212326",
          "name" : "https://support.apple.com/kb/HT212326",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/kb/HT212325",
          "name" : "https://support.apple.com/kb/HT212325",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2021/Apr/51",
          "name" : "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:tcpdump:tcpdump:4.9.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.14.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.15",
          "versionEndExcluding" : "10.15.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.0",
          "versionEndExcluding" : "11.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-11-04T18:15Z",
    "lastModifiedDate" : "2021-05-05T13:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-10746",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-862"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1835922",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1835922",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:10.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 4.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 5.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 7.8,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-10-19T21:15Z",
    "lastModifiedDate" : "2021-05-04T20:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-15251",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-863"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://pypi.org/project/sopel-plugins.channelmgnt/",
          "name" : "https://pypi.org/project/sopel-plugins.channelmgnt/",
          "refsource" : "MISC",
          "tags" : [ "Product", "Third Party Advisory" ]
        }, {
          "url" : "https://phab.bots.miraheze.wiki/T117",
          "name" : "https://phab.bots.miraheze.wiki/T117",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/MirahezeBots/sopel-channelmgnt/pull/3",
          "name" : "https://github.com/MirahezeBots/sopel-channelmgnt/pull/3",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5",
          "name" : "https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg",
          "name" : "https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary/",
          "name" : "https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary/",
          "refsource" : "MISC",
          "tags" : [ "Broken Link", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:mirahezebots:channelmgnt:*:*:*:*:*:sopel:*:*",
          "versionEndExcluding" : "1.0.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-10-13T18:15Z",
    "lastModifiedDate" : "2021-05-04T14:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-26880",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420",
          "name" : "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235",
          "name" : "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/sympa-community/sympa/issues/1009",
          "name" : "https://github.com/sympa-community/sympa/issues/1009",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html",
          "name" : "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/",
          "name" : "FEDORA-2021-a309986711",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/",
          "name" : "FEDORA-2021-aa993dd633",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/",
          "name" : "FEDORA-2021-af8fa074ad",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "6.2.56",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sympa:sympa:6.2.57:beta1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sympa:sympa:6.2.57:beta2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-10-07T18:15Z",
    "lastModifiedDate" : "2021-05-09T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-14375",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-367"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openwall.com/lists/oss-security/2020/09/28/3",
          "name" : "https://www.openwall.com/lists/oss-security/2020/09/28/3",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1879468",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1879468",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking" ]
        }, {
          "url" : "https://usn.ubuntu.com/4550-1/",
          "name" : "USN-4550-1",
          "refsource" : "UBUNTU",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html",
          "name" : "openSUSE-SU-2020:1593",
          "refsource" : "SUSE",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html",
          "name" : "openSUSE-SU-2020:1599",
          "refsource" : "SUSE",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/01/04/5",
          "name" : "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/01/04/2",
          "name" : "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/01/04/1",
          "name" : "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "18.02.1",
          "versionEndExcluding" : "18.11.10",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "19.02",
          "versionEndExcluding" : "19.11.5",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.1,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.4,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-09-30T19:15Z",
    "lastModifiedDate" : "2021-05-05T13:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13953",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-552"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E",
          "name" : "[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.4.0",
          "versionEndExcluding" : "5.6.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.7.0",
          "versionEndExcluding" : "5.7.2",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-09-30T18:15Z",
    "lastModifiedDate" : "2021-05-05T13:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-15216",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-347"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7",
          "name" : "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://pkg.go.dev/github.com/russellhaering/goxmldsig?tab=overview",
          "name" : "https://pkg.go.dev/github.com/russellhaering/goxmldsig?tab=overview",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64",
          "name" : "https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBFD4M4PHBMBOCMSQ537NOU37QOVWP/",
          "name" : "FEDORA-2021-a2a7673da2",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUH33FPUXED3FHYL25BJOQPRKFGPOMS2/",
          "name" : "FEDORA-2021-9316ee2948",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:goxmldsig_project:goxmldsig:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.1.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-09-29T16:15Z",
    "lastModifiedDate" : "2021-05-05T13:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-15160",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8",
          "name" : "https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8",
          "name" : "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826g",
          "name" : "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826g",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.html",
          "name" : "http://packetstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.7.5.0",
          "versionEndExcluding" : "1.7.6.8",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-09-24T23:15Z",
    "lastModifiedDate" : "2021-05-05T13:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13944",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E",
          "name" : "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/12/11/2",
          "name" : "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "name" : "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "name" : "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.10.12",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-09-17T14:15Z",
    "lastModifiedDate" : "2021-05-04T00:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-25453",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-352"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389",
          "name" : "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/389",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html",
          "name" : "http://packetstormsecurity.com/files/159237/BlackCat-CMS-1.3.6-Cross-Site-Request-Forgery.html",
          "refsource" : "MISC",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:blackcat-cms:blackcat_cms:1.3.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-09-15T22:15Z",
    "lastModifiedDate" : "2021-05-06T19:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-24616",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-94"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
          "name" : "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/FasterXML/jackson-databind/issues/2814",
          "name" : "https://github.com/FasterXML/jackson-databind/issues/2814",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200904-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20200904-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html",
          "name" : "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.9.0",
          "versionEndExcluding" : "2.9.10.6",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.2.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.1,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-08-25T18:15Z",
    "lastModifiedDate" : "2021-05-05T13:22Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-15152",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.npmjs.com/package/ftp-srv",
          "name" : "https://www.npmjs.com/package/ftp-srv",
          "refsource" : "MISC",
          "tags" : [ "Product", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca",
          "name" : "https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j",
          "name" : "https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j",
          "refsource" : "CONFIRM",
          "tags" : [ "Mitigation", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*",
          "versionEndExcluding" : "2.19.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "3.1.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*",
          "versionStartIncluding" : "4.0.0",
          "versionEndExcluding" : "4.3.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 9.1,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-08-17T22:15Z",
    "lastModifiedDate" : "2021-05-05T14:02Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13933",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198@%3Cdev.geode.apache.org%3E",
          "name" : "[geode-dev] 20200831 Proposal to bring GEODE-8456 (shiro upgrade) to support branches",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@%3Cdev.geode.apache.org%3E",
          "name" : "[geode-dev] 20200901 Re: Proposal to bring GEODE-8456 (shiro upgrade) to support branches",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20200924 Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201004 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8097b81905f2a113ebdf925bcbc6d8c9d6863c807c9ee42e1e7c9293@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201217 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb5edf49cd1451475dbcf53826ba6ef1bb7872dd6493d6112eb0c2bad@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201219 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201220 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201221 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20201222 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210130 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210316 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210331 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210407 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E",
          "name" : "[shiro-dev] 20210504 Re: Request for assistance to backport CVE-2020-13933 fix",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.6.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-08-17T21:15Z",
    "lastModifiedDate" : "2021-05-05T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13285",
        "ASSIGNER" : "cve@gitlab.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://hackerone.com/reports/831962",
          "name" : "https://hackerone.com/reports/831962",
          "refsource" : "MISC",
          "tags" : [ "Permissions Required", "Third Party Advisory" ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/gitlab/-/issues/212626",
          "name" : "https://gitlab.com/gitlab-org/gitlab/-/issues/212626",
          "refsource" : "MISC",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13285.json",
          "name" : "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13285.json",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
          "versionStartIncluding" : "12.9.0",
          "versionEndExcluding" : "13.0.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
          "versionStartIncluding" : "12.9.0",
          "versionEndExcluding" : "13.0.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
          "versionStartIncluding" : "13.1.0",
          "versionEndExcluding" : "13.1.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
          "versionStartIncluding" : "13.1.0",
          "versionEndExcluding" : "13.1.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
          "versionStartIncluding" : "13.2.0",
          "versionEndExcluding" : "13.2.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
          "versionStartIncluding" : "13.2.0",
          "versionEndExcluding" : "13.2.3",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-08-13T13:15Z",
    "lastModifiedDate" : "2021-05-03T19:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-12460",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://sourceforge.net/projects/opendmarc/",
          "name" : "https://sourceforge.net/projects/opendmarc/",
          "refsource" : "MISC",
          "tags" : [ "Product", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/trusteddomainproject/OpenDMARC/issues/64",
          "name" : "https://github.com/trusteddomainproject/OpenDMARC/issues/64",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202011-02",
          "name" : "GLSA-202011-02",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/04/msg00026.html",
          "name" : "[debian-lts-announce] 20210425 [SECURITY] [DLA 2639-1] opendmarc security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHDKMCZGE3W4XBP76NLI2Q7IOZHXLD4A/",
          "name" : "FEDORA-2021-c1b846164e",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:trusteddomain:opendmarc:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "1.3.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:trusteddomain:opendmarc:1.4.0:beta0:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:trusteddomain:opendmarc:1.4.0:beta1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-07-27T23:15Z",
    "lastModifiedDate" : "2021-05-08T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-9496",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://s.apache.org/l0994",
          "name" : "https://s.apache.org/l0994",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8001e0473ee7c84@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20200715 [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f96031d8ce86a18825@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20200716 [jira] [Updated] (OFBIZ-11716) Apache OFBiz unsafe deserialization of XMLRPC arguments (CVE-2020-9496)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html",
          "name" : "http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c2058066445af7f8cb@%3Cuser.ofbiz.apache.org%3E",
          "name" : "[ofbiz-user] 20201116 [CVE-2020-9496] Apache OFBiz unsafe deserialization of XMLRPC arguments",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943cfe8a680490730@%3Cuser.ofbiz.apache.org%3E",
          "name" : "[ofbiz-user] 20201117 Re: [CVE-2020-9496] Apache OFBiz unsafe deserialization of XMLRPC arguments",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html",
          "name" : "http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:17.12.03:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-07-15T16:15Z",
    "lastModifiedDate" : "2021-05-05T14:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13923",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://s.apache.org/chokl",
          "name" : "https://s.apache.org/chokl",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2e669797c1ea08562253239d2dc4192d951945e0c36cb0754f5394a6@%3Cannounce.apache.org%3E",
          "name" : "[announce] 20200715 [CVE-2020-13923] IDOR in Apache OFBiz",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rac7e36c3daa60dd4b813f72942921b4fad71da821480ebcea96ecea1@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20200716 [jira] [Updated] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component (CVE-2020-13923)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "17.12.04",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-07-15T16:15Z",
    "lastModifiedDate" : "2021-05-03T20:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-14295",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/Cacti/cacti/issues/3622",
          "name" : "https://github.com/Cacti/cacti/issues/3622",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W64CIB6L4HZRVQSWKPDDKXJO4J2XTOXD/",
          "name" : "FEDORA-2020-7dddce530c",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKM5G3YNSZDHDZMPCMAHG5B5M2V4XYSE/",
          "name" : "FEDORA-2020-8a15713da2",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
          "name" : "openSUSE-SU-2020:1060",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202007-03",
          "name" : "GLSA-202007-03",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
          "name" : "openSUSE-SU-2020:1106",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162384/Cacti-1.2.12-SQL-Injection-Remote-Code-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162384/Cacti-1.2.12-SQL-Injection-Remote-Code-Execution.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cacti:cacti:1.2.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.2,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-06-17T14:15Z",
    "lastModifiedDate" : "2021-05-04T14:04Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-9817",
        "ASSIGNER" : "product-security@apple.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-276"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://support.apple.com/HT211170",
          "name" : "https://support.apple.com/HT211170",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT",
          "name" : "20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client",
          "refsource" : "CISCO",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.15.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.3
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-06-09T17:15Z",
    "lastModifiedDate" : "2021-05-05T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8555",
        "ASSIGNER" : "security@kubernetes.io"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-918"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion",
          "name" : "N/A",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/kubernetes/kubernetes/issues/91542",
          "name" : "https://github.com/kubernetes/kubernetes/issues/91542",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/06/01/4",
          "name" : "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
          "name" : "FEDORA-2020-aeea04cd13",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200724-0005/",
          "name" : "https://security.netapp.com/advisory/ntap-20200724-0005/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/8",
          "name" : "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.15.11",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.16.0",
          "versionEndExcluding" : "1.16.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.17.0",
          "versionEndExcluding" : "1.17.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:1.18.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-06-05T17:15Z",
    "lastModifiedDate" : "2021-05-04T21:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11975",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://unomi.apache.org/security/cve-2020-11975.txt",
          "name" : "http://unomi.apache.org/security/cve-2020-11975.txt",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95@%3Ccommits.unomi.apache.org%3E",
          "name" : "[unomi-commits] 20201113 svn commit: r1883398 - in /unomi/website: contribute-release-guide.html documentation.html download.html index.html security/cve-2020-13942.txt",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460@%3Ccommits.unomi.apache.org%3E",
          "name" : "[unomi-commits] 20210428 svn commit: r1889256 - in /unomi/website: contribute-release-guide.html documentation.html download.html index.html security/cve-2021-31164.txt",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.5.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-06-05T15:15Z",
    "lastModifiedDate" : "2021-05-03T20:37Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-10749",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-Other"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
          "name" : "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html",
          "name" : "openSUSE-SU-2020:1049",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html",
          "name" : "openSUSE-SU-2020:1050",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/",
          "name" : "FEDORA-2021-ccb8a9c403",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:cncf:cni_network_plugins:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "0.8.6",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "LOW",
          "baseScore" : 6.0,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 6.8,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-06-03T14:15Z",
    "lastModifiedDate" : "2021-05-05T13:57Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-13614",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-295"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/axel-download-accelerator/axel/issues/262",
          "name" : "https://github.com/axel-download-accelerator/axel/issues/262",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8",
          "name" : "https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00006.html",
          "name" : "openSUSE-SU-2020:0778",
          "refsource" : "SUSE",
          "tags" : [ ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00010.html",
          "name" : "openSUSE-SU-2020:0785",
          "refsource" : "SUSE",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3ECAKIZA2TGBYLUQTLGRMXUFIOGRHG3/",
          "name" : "FEDORA-2021-90b4716992",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPZUQSDGV5XDBJGHBWBHWJIBE47Q4QIB/",
          "name" : "FEDORA-2021-5214bd8f14",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:axel_project:axel:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.17.8",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.9,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-05-26T23:15Z",
    "lastModifiedDate" : "2021-05-05T03:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-10724",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-190"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugs.dpdk.org/show_bug.cgi?id=269",
          "name" : "https://bugs.dpdk.org/show_bug.cgi?id=269",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2020/05/18/2",
          "name" : "https://www.openwall.com/lists/oss-security/2020/05/18/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://usn.ubuntu.com/4362-1/",
          "name" : "USN-4362-1",
          "refsource" : "UBUNTU",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html",
          "name" : "openSUSE-SU-2020:0693",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/",
          "name" : "FEDORA-2020-04e3d34451",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "18.11",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-05-19T19:15Z",
    "lastModifiedDate" : "2021-05-05T13:56Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-1763",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8",
          "name" : "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1813329",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1813329",
          "refsource" : "MISC",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt",
          "name" : "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4684",
          "name" : "DSA-4684",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202007-21",
          "name" : "GLSA-202007-21",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
          "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
          "name" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.27",
          "versionEndIncluding" : "3.31",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-05-12T14:15Z",
    "lastModifiedDate" : "2021-05-05T13:41Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-12783",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86",
          "name" : "https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0",
          "name" : "https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://bugs.exim.org/show_bug.cgi?id=2571",
          "name" : "https://bugs.exim.org/show_bug.cgi?id=2571",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4687",
          "name" : "DSA-4687",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html",
          "name" : "[debian-lts-announce] 20200518 [SECURITY] [DLA 2213-1] exim4 security update",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://usn.ubuntu.com/4366-1/",
          "name" : "USN-4366-1",
          "refsource" : "UBUNTU",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7Z5UG6ZIG32V7M4PP3BCC65C27EWK7G/",
          "name" : "FEDORA-2020-2e084c987d",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y/",
          "name" : "FEDORA-2020-93d7305d71",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "4.93",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-05-11T14:15Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-12425",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-74"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://s.apache.org/7sr1x",
          "name" : "https://s.apache.org/7sr1x",
          "refsource" : "CONFIRM",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5181b36218225447d3ce70891eeccfb6d6885309dffd7e0e59091817@%3Cuser.ofbiz.apache.org%3E",
          "name" : "[ofbiz-user] 20200503 Re: [CVE-2019-12425] Apache OFBiz Host Header Injection",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r907ce90745b52d2d5b6a815de03fd1d5f3831ab579a81d70cfda6f3d@%3Cuser.ofbiz.apache.org%3E",
          "name" : "[ofbiz-user] 20200504 Re: [CVE-2019-12425] Apache OFBiz Host Header Injection",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E",
          "name" : "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host"
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:17.12.01:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-04-30T20:15Z",
    "lastModifiedDate" : "2021-05-03T20:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11022",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
          "name" : "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
          "refsource" : "CONFIRM",
          "tags" : [ "Mitigation", "Third Party Advisory" ]
        }, {
          "url" : "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
          "name" : "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://jquery.com/upgrade-guide/3.5/",
          "name" : "https://jquery.com/upgrade-guide/3.5/",
          "refsource" : "MISC",
          "tags" : [ "Mitigation", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
          "name" : "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200511-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20200511-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.drupal.org/sa-core-2020-002",
          "name" : "https://www.drupal.org/sa-core-2020-002",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4693",
          "name" : "DSA-4693",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/",
          "name" : "FEDORA-2020-11be4b36d4",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/",
          "name" : "FEDORA-2020-36d2db5f51",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
          "name" : "openSUSE-SU-2020:1060",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202007-03",
          "name" : "GLSA-202007-03",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
          "name" : "openSUSE-SU-2020:1106",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
          "name" : "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/",
          "name" : "FEDORA-2020-0b32a59b54",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/",
          "name" : "FEDORA-2020-fbb94073a1",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/",
          "name" : "FEDORA-2020-fe94df8c34",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
          "name" : "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
          "name" : "openSUSE-SU-2020:1888",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2020-10",
          "name" : "https://www.tenable.com/security/tns-2020-10",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2020-11",
          "name" : "https://www.tenable.com/security/tns-2020-11",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2021-02",
          "name" : "https://www.tenable.com/security/tns-2021-02",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
          "name" : "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.2",
          "versionEndExcluding" : "3.5.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.0",
          "versionEndExcluding" : "7.70",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.7.0",
          "versionEndExcluding" : "8.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.8.0",
          "versionEndExcluding" : "8.8.6",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.2.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6.0.0",
          "versionEndIncluding" : "8.1.0.0.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.1.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.8",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.1.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.0.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "19.1.0",
          "versionEndIncluding" : "19.1.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6",
          "versionEndIncluding" : "8.1.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.0.0.0",
          "versionEndIncluding" : "5.6.0.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.2.0",
          "versionEndIncluding" : "12.2.20",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.2.0",
          "versionEndIncluding" : "12.2.20",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0",
          "versionEndIncluding" : "3.1.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-04-29T22:15Z",
    "lastModifiedDate" : "2021-05-05T13:40Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-11023",
        "ASSIGNER" : "security-advisories@github.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://jquery.com/upgrade-guide/3.5/",
          "name" : "https://jquery.com/upgrade-guide/3.5/",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6",
          "name" : "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
          "name" : "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200511-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20200511-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.drupal.org/sa-core-2020-002",
          "name" : "https://www.drupal.org/sa-core-2020-002",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4693",
          "name" : "DSA-4693",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/",
          "name" : "FEDORA-2020-36d2db5f51",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
          "name" : "openSUSE-SU-2020:1060",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/202007-03",
          "name" : "GLSA-202007-03",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
          "name" : "openSUSE-SU-2020:1106",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E",
          "name" : "[hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E",
          "name" : "[hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E",
          "name" : "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E",
          "name" : "[hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E",
          "name" : "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E",
          "name" : "[hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/",
          "name" : "FEDORA-2020-0b32a59b54",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/",
          "name" : "FEDORA-2020-fbb94073a1",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E",
          "name" : "[hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E",
          "name" : "[hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/",
          "name" : "FEDORA-2020-fe94df8c34",
          "refsource" : "FEDORA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E",
          "name" : "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
          "name" : "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
          "name" : "openSUSE-SU-2020:1888",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E",
          "name" : "[felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E",
          "name" : "[felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2021-02",
          "name" : "https://www.tenable.com/security/tns-2021-02",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
          "name" : "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.0.3",
          "versionEndExcluding" : "3.5.0",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.0",
          "versionEndExcluding" : "7.70",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.7.0",
          "versionEndExcluding" : "8.7.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.8.0",
          "versionEndExcluding" : "8.8.6",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "20.2",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.7.0",
          "versionEndIncluding" : "2.8.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.4.0",
          "versionEndIncluding" : "2.10.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.1",
          "versionEndIncluding" : "6.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.1",
          "versionEndIncluding" : "4.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "9.2.5.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "9.2.5.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "16.2",
          "versionEndIncluding" : "16.2.11",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "17.12.0",
          "versionEndIncluding" : "17.12.7",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "18.8.0",
          "versionEndIncluding" : "18.8.9",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "19.12.0",
          "versionEndIncluding" : "19.12.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "20.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0",
          "versionEndIncluding" : "3.1.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-04-29T21:15Z",
    "lastModifiedDate" : "2021-05-05T13:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-9488",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-295"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://issues.apache.org/jira/browse/LOG4J2-2819",
          "name" : "https://issues.apache.org/jira/browse/LOG4J2-2819",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200504-0003/",
          "name" : "https://security.netapp.com/advisory/ntap-20200504-0003/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E",
          "name" : "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E",
          "name" : "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E",
          "name" : "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E",
          "name" : "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E",
          "name" : "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E",
          "name" : "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E",
          "name" : "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E",
          "name" : "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
          "name" : "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
          "refsource" : "MISC",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Issue Tracking", "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E",
          "name" : "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E",
          "name" : "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E",
          "name" : "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E",
          "name" : "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E",
          "name" : "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "2.13.2",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.6.0.0",
          "versionEndIncluding" : "8.1.0.0.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "11.5.0",
          "versionEndIncluding" : "11.7.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "5.0.0.0",
          "versionEndIncluding" : "5.6.0.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.2.0",
          "versionEndIncluding" : "12.2.20",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.2.0",
          "versionEndIncluding" : "12.2.20",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.3.0.1.0",
          "versionEndIncluding" : "4.3.0.6.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.7,
          "baseSeverity" : "LOW"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-04-27T16:15Z",
    "lastModifiedDate" : "2021-05-10T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-10947",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://community.sophos.com/b/security-blog/posts/advisory-cve-2020-10947---sophos-anti-virus-for-macos-privilege-escalation",
          "name" : "https://community.sophos.com/b/security-blog/posts/advisory-cve-2020-10947---sophos-anti-virus-for-macos-privilege-escalation",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.sophos.com/en-us.aspx",
          "name" : "https://www.sophos.com/en-us.aspx",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sophos:anti-virus_for_sophos_central:*:*:*:*:*:macos:*:*",
          "versionEndExcluding" : "9.9.6:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sophos:anti-virus_for_sophos_home:*:*:*:*:*:macos:*:*",
          "versionEndExcluding" : "2.2.6:",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.5
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-04-17T13:15Z",
    "lastModifiedDate" : "2021-05-07T13:55Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8952",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8952",
          "name" : "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8952",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fiserv:accurate_reconciliation:2.19.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-02-26T16:15Z",
    "lastModifiedDate" : "2021-05-05T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8951",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8951",
          "name" : "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8951",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:fiserv:accurate_reconciliation:2.19.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2020-02-26T16:15Z",
    "lastModifiedDate" : "2021-05-05T12:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-8794",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.openbsd.org/security.html",
          "name" : "https://www.openbsd.org/security.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.openwall.com/lists/oss-security/2020/02/24/5",
          "name" : "https://www.openwall.com/lists/oss-security/2020/02/24/5",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/02/26/1",
          "name" : "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4634",
          "name" : "DSA-4634",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2020/Feb/32",
          "name" : "20200227 LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)",
          "refsource" : "FULLDISC",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/03/01/1",
          "name" : "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2020/03/01/2",
          "name" : "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html",
          "name" : "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/",
          "name" : "FEDORA-2020-b92d7083ca",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://usn.ubuntu.com/4294-1/",
          "name" : "USN-4294-1",
          "refsource" : "UBUNTU",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "6.6.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-02-25T17:15Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-1935",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-444"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E",
          "name" : "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html",
          "name" : "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html",
          "name" : "openSUSE-SU-2020:0345",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 & CVE-2019-17569 vulnerabilities",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 & CVE-2019-17569 vulnerabilities",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20200327-0005/",
          "name" : "https://security.netapp.com/advisory/ntap-20200327-0005/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4673",
          "name" : "DSA-4673",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.debian.org/security/2020/dsa-4680",
          "name" : "DSA-4680",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html",
          "name" : "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E",
          "name" : "[tomcat-users] 20200724 CVE-2020-1935",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E",
          "name" : "[tomcat-users] 20200724 Re: CVE-2020-1935",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E",
          "name" : "[tomcat-users] 20200724 RE: CVE-2020-1935",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E",
          "name" : "[tomcat-users] 20200726 Re: CVE-2020-1935",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E",
          "name" : "[tomcat-users] 20200727 RE: CVE-2020-1935",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://usn.ubuntu.com/4448-1/",
          "name" : "USN-4448-1",
          "refsource" : "UBUNTU",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E",
          "name" : "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.0.0",
          "versionEndIncluding" : "7.0.99",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.5.0",
          "versionEndIncluding" : "8.5.50",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "9.0.0",
          "versionEndIncluding" : "9.0.30",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndIncluding" : "3.1.3",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "17.1",
          "versionEndIncluding" : "17.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.0.0",
          "versionEndIncluding" : "4.0.12",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.20",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "20.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.8,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.2,
        "impactScore" : 2.5
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-02-24T22:15Z",
    "lastModifiedDate" : "2021-05-04T19:19Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-13926",
        "ASSIGNER" : "productcert@siemens.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-400"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf",
          "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.us-cert.gov/ics/advisories/icsa-20-042-10",
          "name" : "https://www.us-cert.gov/ics/advisories/icsa-20-042-10",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "3.0",
            "versionEndExcluding" : "4.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "3.0",
            "versionEndExcluding" : "4.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "3.0",
            "versionEndExcluding" : "4.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*",
            "versionStartIncluding" : "3.0",
            "versionEndExcluding" : "4.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.8
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-02-11T16:15Z",
    "lastModifiedDate" : "2021-05-05T15:03Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2020-7226",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-770"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153",
          "name" : "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/vt-middleware/cryptacular/issues/52",
          "name" : "https://github.com/vt-middleware/cryptacular/issues/52",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc36b75cabb4d700b48035d15ad8b8c2712bb32123572a1bdaec2510a@%3Cdev.ws.apache.org%3E",
          "name" : "[ws-dev] 20200219 [jira] [Created] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re04e4f8f0d095387fb6b0ff9016a0af8c93f42e1de93b09298bfa547@%3Ccommits.ws.apache.org%3E",
          "name" : "[ws-commits] 20200219 [ws-wss4j] branch 2_2_x-fixes updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfa4647c58e375996e62a9094bffff6dc350ec311ba955b430e738945@%3Cdev.ws.apache.org%3E",
          "name" : "[ws-dev] 20200219 [jira] [Resolved] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r380781f5b489cb3c818536cd3b3757e806bfe0bca188591e0051ac03@%3Ccommits.ws.apache.org%3E",
          "name" : "[ws-commits] 20200219 [ws-wss4j] branch master updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153",
          "name" : "https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re7f46c4cc29a4616e0aa669c84a0eb34832e83a8eef05189e2e59b44@%3Cdev.ws.apache.org%3E",
          "name" : "[ws-dev] 20200318 [jira] [Closed] (WSS-665) Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0847c7eb78c8f9e87d5b841fbd5da52b2ad4b4345e04b51c30621d88@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r209de85beae4d257d27fc577e3a3e97039bdb4c2dc6f4a8e5a5a5811@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r77c48cd851f60833df9a9c9c31f12243508e15d1b2a0961066d44fc6@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20210426 [jira] [Updated] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r4a62133ad01d5f963755021027a4cce23f76b8674a13860d2978c7c8@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20210426 [jira] [Comment Edited] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2237a27040b57adc2fcc5570bd530ad2038e67fcb2a3ce65283d3143@%3Ccommits.tomee.apache.org%3E",
          "name" : "[tomee-commits] 20210426 [jira] [Commented] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with \"new byte\" may depend on untrusted input within the header of encoded data."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vt:cryptacular:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.1.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:vt:cryptacular:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "1.2.0",
          "versionEndExcluding" : "1.2.4",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2020-01-24T15:15Z",
    "lastModifiedDate" : "2021-05-05T13:39Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-19648",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-125"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/VirusTotal/yara/issues/1178",
          "name" : "https://github.com/VirusTotal/yara/issues/1178",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/",
          "name" : "FEDORA-2021-f41d5fc954",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/",
          "name" : "FEDORA-2021-dd62918333",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:virustotal:yara:3.11.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2019-12-09T01:15Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0150",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 4.2
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T15:22Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0149",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:22Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0148",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-772"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0147",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:20Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0146",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-772"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "2.8.43",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 2.1
        },
        "severity" : "LOW",
        "exploitabilityScore" : 3.9,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:35Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0145",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:20Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0144",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-755"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.0,
        "impactScore" : 4.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 4.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:29Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0143",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-755"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 5.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 4.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0142",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.33.0.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.33.0.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.33.0.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.33.0.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.33.0.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "1.33.0.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 7.2
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 3.9,
        "impactScore" : 10.0,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:26Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0140",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-120"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 6.5,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:16Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-0139",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-269"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://support.f5.com/csp/article/K08441753?utm_source=f5support&amp;utm_medium=RSS",
          "name" : "https://support.f5.com/csp/article/K08441753?utm_source=f5support&amp;utm_medium=RSS",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
            "versionEndExcluding" : "7.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "24.0",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.7,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-11-14T19:15Z",
    "lastModifiedDate" : "2021-05-03T17:24Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-2904",
        "ASSIGNER" : "secalert_us@oracle.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
          "name" : "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2020.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "name" : "https://www.oracle.com/security-alerts/cpujul2020.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpuapr2021.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_collections:2.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_collections:2.8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:clinical:5.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0.0",
          "versionEndIncluding" : "8.4.0.5",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.3.2",
          "versionEndIncluding" : "7.3.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_service_broker:6.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "14.1.0",
          "versionEndIncluding" : "14.2.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_planning:11.1.2.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "8.0.0",
          "versionEndIncluding" : "8.0.19",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:rapid_planning:12.1.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_clearance_optimization_engine:13.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_markdown_optimization:13.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_sales_audit:15.0.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:retail_sales_audit:16.0.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-10-16T18:15Z",
    "lastModifiedDate" : "2021-05-05T14:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-17602",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me-complete.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me-complete.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124040:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124039:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124000:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124058:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124016:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124075:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124085:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124042:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124071:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124087:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "12.4",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124041:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124074:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-10-15T21:15Z",
    "lastModifiedDate" : "2021-05-04T14:34Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-17195",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-754"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
          "name" : "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
          "name" : "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
          "refsource" : "CONFIRM",
          "tags" : [ "Release Notes", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E",
          "name" : "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E",
          "name" : "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html",
          "name" : "N/A",
          "refsource" : "N/A",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "name" : "https://www.oracle.com/security-alerts/cpujan2021.html",
          "refsource" : "MISC",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E",
          "name" : "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E",
          "name" : "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E",
          "name" : "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "7.9",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:avro:1.10.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:avro:1.10.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-10-15T14:15Z",
    "lastModifiedDate" : "2021-05-07T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-10531",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.xlabs.com.br/blog/cve-2018-10531-americas-army-proving-grounds-ddos-amplification/",
          "name" : "https://www.xlabs.com.br/blog/cve-2018-10531-americas-army-proving-grounds-ddos-amplification/",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Vendor Advisory" ]
        }, {
          "url" : "https://www.xlabs.com.br/blog/author/mauricio-correa/",
          "name" : "https://www.xlabs.com.br/blog/author/mauricio-correa/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:americasarmy:proving_grounds:-:*:*:*:*:unreal_engine:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-07-10T16:15Z",
    "lastModifiedDate" : "2021-05-10T15:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-10149",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.exim.org/static/doc/security/CVE-2019-10149.txt",
          "name" : "https://www.exim.org/static/doc/security/CVE-2019-10149.txt",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Third Party Advisory" ]
        }, {
          "url" : "https://usn.ubuntu.com/4010-1/",
          "name" : "USN-4010-1",
          "refsource" : "UBUNTU",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/06/05/3",
          "name" : "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/06/05/2",
          "name" : "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/06/05/4",
          "name" : "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "https://www.debian.org/security/2019/dsa-4456",
          "name" : "DSA-4456",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "https://seclists.org/bugtraq/2019/Jun/5",
          "name" : "20190605 [SECURITY] [DSA 4456-1] exim4 security update",
          "refsource" : "BUGTRAQ",
          "tags" : [ ]
        }, {
          "url" : "https://security.gentoo.org/glsa/201906-01",
          "name" : "GLSA-201906-01",
          "refsource" : "GENTOO",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/06/06/1",
          "name" : "[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.securityfocus.com/bid/108679",
          "name" : "108679",
          "refsource" : "BID",
          "tags" : [ ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html",
          "name" : "openSUSE-SU-2019:1524",
          "refsource" : "SUSE",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html",
          "name" : "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2019/Jun/16",
          "name" : "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)",
          "refsource" : "FULLDISC",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html",
          "name" : "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/07/25/6",
          "name" : "[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/07/25/7",
          "name" : "[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2019/07/26/4",
          "name" : "[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html",
          "name" : "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "4.87",
          "versionEndIncluding" : "4.91",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-06-05T14:29Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2019-3810",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767",
          "name" : "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372",
          "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.1.0",
          "versionEndIncluding" : "3.1.15",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.4.0",
          "versionEndIncluding" : "3.4.6",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.5.0",
          "versionEndIncluding" : "3.5.3",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.6.0",
          "versionEndIncluding" : "3.6.1",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2019-03-25T18:29Z",
    "lastModifiedDate" : "2021-05-05T14:47Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-20339",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/106302",
          "name" : "106302",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123237:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123230:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123229:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123223:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123224:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123222:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123238:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123231:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2018-12-21T09:29Z",
    "lastModifiedDate" : "2021-05-04T15:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-20338",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/106302",
          "name" : "106302",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123222:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123223:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123224:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123238:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123230:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123237:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123229:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123231:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-12-21T09:29Z",
    "lastModifiedDate" : "2021-05-04T15:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-20173",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123237:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123224:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123229:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123230:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123231:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123222:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123223:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-12-17T08:29Z",
    "lastModifiedDate" : "2021-05-04T15:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-19921",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:123230:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:123229:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:123224:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:123223:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:123222:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123214:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123215:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123217:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123218:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123220:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:123231:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123219:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123221:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2018-12-06T22:29Z",
    "lastModifiedDate" : "2021-05-04T15:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-18716",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://seclists.org/bugtraq/2018/Oct/61",
          "name" : "20181031 Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2018/Nov/6",
          "name" : "20181102 Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/150124/Zoho-ManageEngine-OpManager-12.3-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/150124/Zoho-ManageEngine-OpManager-12.3-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123214:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123217:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123218:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123215:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2018-11-20T19:29Z",
    "lastModifiedDate" : "2021-05-04T15:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-18715",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://seclists.org/bugtraq/2018/Oct/60",
          "name" : "20181031 Zoho ManageEngine OpManager 12.3 allows Stored XSS",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2018/Nov/3",
          "name" : "20181102 Zoho ManageEngine OpManager 12.3 allows Stored XSS",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/150124/Zoho-ManageEngine-OpManager-12.3-Cross-Site-Scripting.html",
          "name" : "http://packetstormsecurity.com/files/150124/Zoho-ManageEngine-OpManager-12.3-Cross-Site-Scripting.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123214:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123217:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123218:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123215:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2018-11-20T19:29Z",
    "lastModifiedDate" : "2021-05-04T15:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-19288",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/105960",
          "name" : "105960",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123217:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123218:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123219:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123220:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123215:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123221:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123214:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2018-11-15T06:29Z",
    "lastModifiedDate" : "2021-05-04T15:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-18949",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123221:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123215:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123214:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123217:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123219:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123218:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123220:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-11-05T09:29Z",
    "lastModifiedDate" : "2021-05-04T15:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-18475",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-434"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://seclists.org/fulldisclosure/2018/Oct/42",
          "name" : "20181019 Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/149878/Zoho-ManageEngine-OpManager-12.3-Arbitrary-File-Upload.html",
          "name" : "http://packetstormsecurity.com/files/149878/Zoho-ManageEngine-OpManager-12.3-Arbitrary-File-Upload.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-10-23T21:30Z",
    "lastModifiedDate" : "2021-05-04T15:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-18262",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://seclists.org/fulldisclosure/2018/Oct/34",
          "name" : "20181016 Vulnerability Disclose",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Zoho ManageEngine OpManager 12.3 before build 123214 has XSS."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123006:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123008:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123013:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123015:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123027:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123029:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123036:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123043:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123048:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123050:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123057:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123063:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123070:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123077:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123082:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123084:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123105:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123107:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123114:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123116:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123121:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123123:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123147:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123149:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123161:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123163:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123168:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123175:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123182:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123184:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123191:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123193:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123198:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123205:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123207:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123009:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123010:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123011:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123012:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123031:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123032:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123033:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123034:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123052:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123053:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123054:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123055:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123078:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123079:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123080:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123081:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123109:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123110:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123111:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123112:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123125:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123126:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123127:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123136:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123137:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123164:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123165:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123166:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123167:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123001:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123002:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123003:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123004:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123022:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123023:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123024:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123025:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123044:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123045:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123046:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123047:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123065:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123066:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123067:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123068:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123090:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123091:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123092:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123093:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123104:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123117:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123118:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123119:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123120:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123156:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123157:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123158:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123159:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123177:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123178:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123179:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123180:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123181:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123194:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123195:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123196:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123197:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123186:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123187:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123188:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123189:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123208:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build12300:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123005:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123007:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123014:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123021:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123026:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123028:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123030:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123035:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123037:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123049:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123051:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123056:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123062:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123064:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123069:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123076:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123083:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123086:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123106:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123108:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123113:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123115:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123122:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123124:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123148:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123150:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123160:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123162:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123169:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123176:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123183:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123185:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123190:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123192:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123204:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:build123206:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.1,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2018-10-17T14:29Z",
    "lastModifiedDate" : "2021-05-04T15:06Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-12541",
        "ASSIGNER" : "security@eclipse.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/eclipse-vertx/vert.x/issues/2648",
          "name" : "https://github.com/eclipse-vertx/vert.x/issues/2648",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170",
          "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2018:2946",
          "name" : "RHSA-2018:2946",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re5ddabee26fbcadc7254d03a5a073d64080a9389adc9e452529664ed@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r344235b1aea2f7fa2381495df1d77d02b595e3d7e4626e701f7c1062@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r362835e6c7f34324ed24e318b363fcdd20cea91d0cea0b2e1164f73e@%3Cissues.bookkeeper.apache.org%3E",
          "name" : "[bookkeeper-issues] 20210419 [GitHub] [bookkeeper] lhotari opened a new pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [GitHub] [pulsar] eolivelli merged pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3da899890536af744dec897fbc561fd9810ac45e79a16164b53c31b2@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari edited a comment on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r8db0431ecf93f2dd2128db5ddca897b33ba883b7f126648d6a9e4c47@%3Ccommits.pulsar.apache.org%3E",
          "name" : "[pulsar-commits] 20210419 [pulsar] branch master updated: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203@%3Cissues.bookkeeper.apache.org%3E",
          "name" : "[bookkeeper-issues] 20210421 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553@%3Cissues.bookkeeper.apache.org%3E",
          "name" : "[bookkeeper-issues] 20210507 [GitHub] [bookkeeper] dlg99 commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "3.0.0",
          "versionEndExcluding" : "3.9.7",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.0,
        "impactScore" : 2.9,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-10-10T20:29Z",
    "lastModifiedDate" : "2021-05-08T00:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-18347",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-362"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier",
          "name" : "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html",
          "name" : "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32",
          "name" : "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32",
          "refsource" : "MISC",
          "tags" : [ "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f071rb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f071rb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f071v8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f071v8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f071vb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f071vb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f072c8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f072c8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f072cb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f072cb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f072r8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f072r8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f072rb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f072rb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f072v8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f072v8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f072vb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f072vb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f078cb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f078cb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f078rb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f078rb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f078vb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f078vb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f091cb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f091cb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f091cc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f091cc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f091rb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f091rb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f091rc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f091rc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f091vb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f091vb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f091vc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f091vc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f098cc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f098cc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f098rc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f098rc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f098vc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f098vc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f070c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f070c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f070cb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f070cb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f070f6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f070f6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f070rb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f070rb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f071c8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f071c8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f071cb_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f071cb:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051t8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051t8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f058c8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f058c8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f058r8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f058r8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f058t8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f058t8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f070c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f070c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051k4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051k4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051k6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051k6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051k8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051k8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051r4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051r4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051r6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051r6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051r8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051r8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042t6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042t6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f048c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f048c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f048g6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f048g6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f048t6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f048t6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051c4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051c4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f051c8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f051c8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042f4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042f4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042f6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042f6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042g4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042g4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042g6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042g6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042k4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042k4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042k6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042k6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f038c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f038c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f038e6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f038e6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f038f6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f038f6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f038g6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f038g6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f038k6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f038k6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042c4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042c4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f042c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f042c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031e6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031e6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031f4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031f4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031f6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031f6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031g4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031g4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031g6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031g6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031k4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031k4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030f4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030f4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030k6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030k6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030r8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030r8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030rc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030rc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031c4_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031c4:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f031c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f031c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030c6_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030c6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030c8_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030c8:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:st:stm32f030cc_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:st:stm32f030cc:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "PHYSICAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.6,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 0.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-09-12T15:29Z",
    "lastModifiedDate" : "2021-05-04T14:07Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-16384",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-89"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167",
          "name" : "https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as \"if\") and b is the SQL statement to be executed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:owasp:owasp_modsecurity_core_rule_set:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "3.0.2:",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:owasp:owasp_modsecurity_core_rule_set:3.1.0:rc1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:owasp:owasp_modsecurity_core_rule_set:3.1.0:rc3:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-09-03T02:29Z",
    "lastModifiedDate" : "2021-05-10T12:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-3627",
        "ASSIGNER" : "secure@intel.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html",
          "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20190327-0006/",
          "name" : "https://security.netapp.com/advisory/ntap-20190327-0006/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7020u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7100:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7100e:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7100h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7100t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7100u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7101e:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7101te:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7102e:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7130u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7167u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7300:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7300t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7320:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:7350k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8100h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8100t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8109u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8130u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8145u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8300:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8300t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7y54:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7y57:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7200u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7260u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7267u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7287u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7300hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7300u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7360u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7400:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7400t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7440eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7440hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7442eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7500:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7500t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7600:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7600k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:7600t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8200y:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8259u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8265u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8269u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8300h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8305g:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8400b:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8400h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8400t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8500:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8500b:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8500t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8600:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i5:8600t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6500u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6560u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6567u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6600u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6650u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6660u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6700:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6700hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6700k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6700t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6700te:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6770hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6785r:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6820eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6820hk:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6820hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6822eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6870hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6920hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:6970hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8086k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8500y:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8559u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8565u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8700b:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8700t:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8705g:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8706g:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8709g:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8750h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8809g:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i7:8850h:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:core_i9:8950hk:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2123:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2125:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2133:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2135:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2145:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2155:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2175:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:intel:xeon_w:2195:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "HIGH",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.5,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "LOCAL",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 4.6
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.9,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-07-10T21:29Z",
    "lastModifiedDate" : "2021-05-08T02:12Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-12920",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://www.seebug.org/vuldb/ssvid-97370",
          "name" : "https://www.seebug.org/vuldb/ssvid-97370",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:flir:brickstream_2300_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:flir:brickstream_2300:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-06-28T11:29Z",
    "lastModifiedDate" : "2021-05-03T17:45Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-10601",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
          "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an \"echo\" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.2,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 5.5,
        "impactScore" : 6.4,
        "acInsufInfo" : false,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-06-05T20:29Z",
    "lastModifiedDate" : "2020-09-04T15:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-10599",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
          "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 2.9
        },
        "severity" : "LOW",
        "exploitabilityScore" : 5.5,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-06-05T20:29Z",
    "lastModifiedDate" : "2019-10-09T23:32Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2018-10597",
        "ASSIGNER" : "ics-cert@hq.dhs.gov"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
          "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "US Government Resource" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "HIGH",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "CHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.3,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.6,
        "impactScore" : 6.0
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.4
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 5.5,
        "impactScore" : 6.4,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2018-06-05T20:29Z",
    "lastModifiedDate" : "2020-09-04T15:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-16944",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-835"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://bugs.exim.org/show_bug.cgi?id=2201",
          "name" : "https://bugs.exim.org/show_bug.cgi?id=2201",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking" ]
        }, {
          "url" : "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html",
          "name" : "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2017/11/25/3",
          "name" : "http://openwall.com/lists/oss-security/2017/11/25/3",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2017/11/25/2",
          "name" : "http://openwall.com/lists/oss-security/2017/11/25/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2017/11/25/1",
          "name" : "http://openwall.com/lists/oss-security/2017/11/25/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://www.securitytracker.com/id/1039873",
          "name" : "1039873",
          "refsource" : "SECTRACK",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/43184/",
          "name" : "43184",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.debian.org/security/2017/dsa-4053",
          "name" : "DSA-4053",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.88:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.89:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-11-25T17:29Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-16943",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-416"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4",
          "name" : "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4",
          "refsource" : "MISC",
          "tags" : [ "Patch" ]
        }, {
          "url" : "https://bugs.exim.org/show_bug.cgi?id=2199",
          "name" : "https://bugs.exim.org/show_bug.cgi?id=2199",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Issue Tracking" ]
        }, {
          "url" : "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html",
          "name" : "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944",
          "name" : "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944",
          "refsource" : "MISC",
          "tags" : [ "Exploit" ]
        }, {
          "url" : "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde",
          "name" : "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde",
          "refsource" : "MISC",
          "tags" : [ "Patch" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2017/11/25/3",
          "name" : "http://openwall.com/lists/oss-security/2017/11/25/3",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2017/11/25/2",
          "name" : "http://openwall.com/lists/oss-security/2017/11/25/2",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2017/11/25/1",
          "name" : "http://openwall.com/lists/oss-security/2017/11/25/1",
          "refsource" : "MISC",
          "tags" : [ "Mailing List" ]
        }, {
          "url" : "http://www.securitytracker.com/id/1039872",
          "name" : "1039872",
          "refsource" : "SECTRACK",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.debian.org/security/2017/dsa-4053",
          "name" : "DSA-4053",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.89:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.88:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-11-25T17:29Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-11323",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://www.altools.com/ALTools/ALZip/Version-History.aspx",
          "name" : "http://www.altools.com/ALTools/ALZip/Version-History.aspx",
          "refsource" : "MISC",
          "tags" : [ "Release Notes", "Vendor Advisory" ]
        }, {
          "url" : "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html",
          "name" : "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of \"AUX\" as the initial substring of a filename."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:estsoft:alzip:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "8.51",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "LOCAL",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 1.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2017-08-19T16:29Z",
    "lastModifiedDate" : "2021-05-03T17:52Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-10796",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://gist.github.com/elbauldelgeek/8f0f24c582f43f51a34b34420a385d75",
          "name" : "https://gist.github.com/elbauldelgeek/8f0f24c582f43f51a34b34420a385d75",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:tp-link:nc250_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.2.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:tp-link:nc250:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector" : "ADJACENT_NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 6.5,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "ADJACENT_NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.3
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.5,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-07-02T22:29Z",
    "lastModifiedDate" : "2021-05-07T14:42Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-3167",
        "ASSIGNER" : "security@apache.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-287"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E",
          "name" : "[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/99135",
          "name" : "99135",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://www.securitytracker.com/id/1038711",
          "name" : "1038711",
          "refsource" : "SECTRACK",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.nomachine.com/SU08O00185",
          "name" : "https://www.nomachine.com/SU08O00185",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/201710-32",
          "name" : "GLSA-201710-32",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.debian.org/security/2017/dsa-3896",
          "name" : "DSA-3896",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/HT208221",
          "name" : "https://support.apple.com/HT208221",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:3195",
          "name" : "RHSA-2017:3195",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:3194",
          "name" : "RHSA-2017:3194",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:3193",
          "name" : "RHSA-2017:3193",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:3477",
          "name" : "RHSA-2017:3477",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:3476",
          "name" : "RHSA-2017:3476",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:3475",
          "name" : "RHSA-2017:3475",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:2483",
          "name" : "RHSA-2017:2483",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:2479",
          "name" : "RHSA-2017:2479",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://access.redhat.com/errata/RHSA-2017:2478",
          "name" : "RHSA-2017:2478",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20180601-0002/",
          "name" : "https://security.netapp.com/advisory/ntap-20180601-0002/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
          "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://www.tenable.com/security/tns-2019-09",
          "name" : "https://www.tenable.com/security/tns-2019-09",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E",
          "name" : "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.2.0",
          "versionEndExcluding" : "2.2.33",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.4.0",
          "versionEndExcluding" : "2.4.26",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          }, {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.13.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "acInsufInfo" : true,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-06-20T01:29Z",
    "lastModifiedDate" : "2021-05-04T15:18Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2017-9438",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-674"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://github.com/VirusTotal/yara/issues/674",
          "name" : "https://github.com/VirusTotal/yara/issues/674",
          "refsource" : "CONFIRM",
          "tags" : [ "Issue Tracking", "Patch" ]
        }, {
          "url" : "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7",
          "name" : "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch" ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/",
          "name" : "FEDORA-2021-f41d5fc954",
          "refsource" : "FEDORA",
          "tags" : [ ]
        }, {
          "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/",
          "name" : "FEDORA-2021-dd62918333",
          "refsource" : "FEDORA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:virustotal:yara:3.5.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "HIGH",
          "baseScore" : 7.5,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 3.6
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-06-05T17:29Z",
    "lastModifiedDate" : "2021-05-06T14:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-10307",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://blog.iancaling.com/post/153011925478",
          "name" : "http://blog.iancaling.com/post/153011925478",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/97242",
          "name" : "97242",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:apex_lynx_firmware:2.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:apex_orion_firmware:2.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_lynx_firmware:2.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga_lynx:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_orion_firmware:2.0:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga_orion:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:stratalink_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:stratalink:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : true,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-03-30T07:59Z",
    "lastModifiedDate" : "2021-05-05T14:46Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-10305",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-798"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://blog.iancaling.com/post/153011925478",
          "name" : "http://blog.iancaling.com/post/153011925478",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:apex_plus_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.2.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:apex_plus:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:apex_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.1.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:apex:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:apex_lynx_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.2.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:apex_lynx:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:apex_orion_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.2.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:apex_orion:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.6.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_lynx_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.2.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga_lynx:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_orion_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.2.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga_orion:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_plus_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "3.2.3",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga_plus:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:giga_pro_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "1.4.1",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:giga_pro:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:stratalink_pro_firmware:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:stratalink_pro:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      }, {
        "operator" : "AND",
        "children" : [ {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : true,
            "cpe23Uri" : "cpe:2.3:o:gotrango:stratalink_firmware:*:*:*:*:*:*:*:*",
            "versionEndIncluding" : "2.2.0",
            "cpe_name" : [ ]
          } ]
        }, {
          "operator" : "OR",
          "children" : [ ],
          "cpe_match" : [ {
            "vulnerable" : false,
            "cpe23Uri" : "cpe:2.3:h:gotrango:stratalink:-:*:*:*:*:*:*:*",
            "cpe_name" : [ ]
          } ]
        } ],
        "cpe_match" : [ ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "acInsufInfo" : true,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2017-03-30T07:59Z",
    "lastModifiedDate" : "2021-05-05T14:44Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-1566",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/",
          "name" : "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.  NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:guacamole:0.9.9:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:guacamole:0.9.8:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.0",
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "LOW",
          "userInteraction" : "REQUIRED",
          "scope" : "CHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "LOW",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.4,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 2.3,
        "impactScore" : 2.7
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "SINGLE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 3.5
        },
        "severity" : "LOW",
        "exploitabilityScore" : 6.8,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2017-02-02T15:59Z",
    "lastModifiedDate" : "2021-05-07T18:33Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-4971",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "NVD-CWE-noinfo"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1",
          "name" : "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343666",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343666",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ]
        }, {
          "url" : "http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html",
          "name" : "[info-gnu] 20160609 GNU wget 1.18 released",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Patch", "Vendor Advisory" ]
        }, {
          "url" : "http://www.ubuntu.com/usn/USN-3012-1",
          "name" : "USN-3012-1",
          "refsource" : "UBUNTU",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
          "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/91530",
          "name" : "91530",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html",
          "name" : "openSUSE-SU-2016:2027",
          "refsource" : "SUSE",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/201610-11",
          "name" : "GLSA-201610-11",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.securitytracker.com/id/1036133",
          "name" : "1036133",
          "refsource" : "SECTRACK",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/40064/",
          "name" : "40064",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://rhn.redhat.com/errata/RHSA-2016-2587.html",
          "name" : "RHSA-2016:2587",
          "refsource" : "REDHAT",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "https://security.paloaltonetworks.com/CVE-2016-4971",
          "name" : "https://security.paloaltonetworks.com/CVE-2016-4971",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html",
          "name" : "http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "1.18",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "6.1.0",
          "versionEndIncluding" : "6.1.16",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.0.0",
          "versionEndIncluding" : "7.0.14",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.1.0",
          "versionEndIncluding" : "7.1.9",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "REQUIRED",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 8.8,
          "baseSeverity" : "HIGH"
        },
        "exploitabilityScore" : 2.8,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2016-06-30T17:59Z",
    "lastModifiedDate" : "2021-05-05T14:43Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-2170",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html",
          "name" : "http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04",
          "name" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07",
          "name" : "https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability",
          "name" : "https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability",
          "refsource" : "CONFIRM",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://ofbiz.apache.org/download.html#vulnerabilities",
          "name" : "http://ofbiz.apache.org/download.html#vulnerabilities",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://issues.apache.org/jira/browse/OFBIZ-6726",
          "name" : "https://issues.apache.org/jira/browse/OFBIZ-6726",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "http://www.securitytracker.com/id/1035513",
          "name" : "1035513",
          "refsource" : "SECTRACK",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://www.securityfocus.com/archive/1/538034/100/0/threaded",
          "name" : "20160408 CVE-2016-2170: Apache OFBiz information disclosure vulnerability",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r0d97a3b7a14777b9e9e085b483629d2774343c4723236d1c73f43ff0@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210325 Comment out the SOAP and HTTP engines?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/reccf8c8a58337ce7c035495d3d82fbc549e97036a9789a2a7d9cccf6@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210325 Re: Comment out the SOAP and HTTP engines?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rec5e9fdcdca13099cfb29f632333f44ad1dd60d90f67b90434e4467a@%3Cdev.ofbiz.apache.org%3E",
          "name" : "[ofbiz-dev] 20210329 Re: Comment out the SOAP and HTTP engines?",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/r3ee005dd767cd83f522719423f5e7dd316f168ddbd1dc51a13d4e244@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-6942) Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rc9bd0d3d794dc370bc70585960841868cb29b92dcc80552b84ca2599@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295)",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        }, {
          "url" : "https://lists.apache.org/thread.html/rbe512e5ccd6b11169c6379daa1234bc805f3d53c5a38224e956295ce@%3Cnotifications.ofbiz.apache.org%3E",
          "name" : "[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
          "refsource" : "MLIST",
          "tags" : [ "Mailing List", "Vendor Advisory" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "12.04",
          "versionEndExcluding" : "12.04.06",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "13.07",
          "versionEndExcluding" : "13.07.03",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "HIGH",
          "integrityImpact" : "HIGH",
          "availabilityImpact" : "HIGH",
          "baseScore" : 9.8,
          "baseSeverity" : "CRITICAL"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 5.9
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 7.5
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 6.4,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false
      }
    },
    "publishedDate" : "2016-04-12T14:59Z",
    "lastModifiedDate" : "2021-05-03T20:45Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2016-2388",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-200"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://seclists.org/fulldisclosure/2016/May/55",
          "name" : "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability",
          "refsource" : "FULLDISC",
          "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html",
          "name" : "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/39841/",
          "name" : "39841",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://www.exploit-db.com/exploits/43495/",
          "name" : "43495",
          "refsource" : "EXPLOIT-DB",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/",
          "name" : "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/",
          "name" : "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html",
          "name" : "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "7.10",
          "versionEndIncluding" : "7.50",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV3" : {
        "cvssV3" : {
          "version" : "3.1",
          "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector" : "NETWORK",
          "attackComplexity" : "LOW",
          "privilegesRequired" : "NONE",
          "userInteraction" : "NONE",
          "scope" : "UNCHANGED",
          "confidentialityImpact" : "LOW",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.3,
          "baseSeverity" : "MEDIUM"
        },
        "exploitabilityScore" : 3.9,
        "impactScore" : 1.4
      },
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "NONE",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.0
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 10.0,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false
      }
    },
    "publishedDate" : "2016-02-16T15:59Z",
    "lastModifiedDate" : "2021-05-05T14:01Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2015-0235",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-787"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://seclists.org/oss-sec/2015/q1/274",
          "name" : "20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/oss-sec/2015/q1/269",
          "name" : "20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability",
          "name" : "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62691",
          "name" : "62691",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/",
          "name" : "http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://linux.oracle.com/errata/ELSA-2015-0090.html",
          "name" : "http://linux.oracle.com/errata/ELSA-2015-0090.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671",
          "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695835",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695835",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10100",
          "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10100",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62698",
          "name" : "62698",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://linux.oracle.com/errata/ELSA-2015-0092.html",
          "name" : "http://linux.oracle.com/errata/ELSA-2015-0092.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62692",
          "name" : "62692",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://bto.bluecoat.com/security-advisory/sa90",
          "name" : "https://bto.bluecoat.com/security-advisory/sa90",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62690",
          "name" : "62690",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695860",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695860",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62715",
          "name" : "62715",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost",
          "name" : "20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability",
          "refsource" : "CISCO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62688",
          "name" : "62688",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62681",
          "name" : "62681",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62667",
          "name" : "62667",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.sophos.com/en-us/support/knowledgebase/121879.aspx",
          "name" : "https://www.sophos.com/en-us/support/knowledgebase/121879.aspx",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html",
          "name" : "http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://secunia.com/advisories/62517",
          "name" : "62517",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62640",
          "name" : "62640",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62680",
          "name" : "62680",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2015/Jan/111",
          "name" : "20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696600",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696600",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62883",
          "name" : "62883",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62870",
          "name" : "62870",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62871",
          "name" : "62871",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696526",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696526",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62879",
          "name" : "62879",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696602",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696602",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62865",
          "name" : "62865",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696618",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696618",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696243",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696243",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.debian.org/security/2015/dsa-3142",
          "name" : "DSA-3142",
          "refsource" : "DEBIAN",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://rhn.redhat.com/errata/RHSA-2015-0126.html",
          "name" : "RHSA-2015:0126",
          "refsource" : "REDHAT",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html",
          "name" : "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/72325",
          "name" : "72325",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:039",
          "name" : "MDVSA-2015:039",
          "refsource" : "MANDRIVA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://marc.info/?l=bugtraq&m=142721102728110&w=2",
          "name" : "HPSBHF03289",
          "refsource" : "HP",
          "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
          "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
          "refsource" : "CONFIRM",
          "tags" : [ "Permissions Required" ]
        }, {
          "url" : "https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt",
          "name" : "https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf",
          "name" : "http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf",
          "refsource" : "CONFIRM",
          "tags" : [ "Broken Link" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html",
          "name" : "http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html",
          "refsource" : "MISC",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://marc.info/?l=bugtraq&m=142781412222323&w=2",
          "name" : "HPSBGN03270",
          "refsource" : "HP",
          "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
          "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html",
          "name" : "APPLE-SA-2015-06-30-2",
          "refsource" : "APPLE",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://support.apple.com/kb/HT204942",
          "name" : "http://support.apple.com/kb/HT204942",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
          "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/HT205267",
          "name" : "https://support.apple.com/HT205267",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html",
          "name" : "APPLE-SA-2015-09-30-3",
          "refsource" : "APPLE",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://support.apple.com/HT205375",
          "name" : "https://support.apple.com/HT205375",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html",
          "name" : "APPLE-SA-2015-10-21-4",
          "refsource" : "APPLE",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
          "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
          "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/91787",
          "name" : "91787",
          "refsource" : "BID",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://marc.info/?l=bugtraq&m=142722450701342&w=2",
          "name" : "HPSBGN03285",
          "refsource" : "HP",
          "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://marc.info/?l=bugtraq&m=142296726407499&w=2",
          "name" : "HPSBGN03247",
          "refsource" : "HP",
          "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://marc.info/?l=bugtraq&m=143145428124857&w=2",
          "name" : "HPSBMU03330",
          "refsource" : "HP",
          "tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668",
          "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://www.f-secure.com/en/web/labs_global/fsc-2015-1",
          "name" : "https://www.f-secure.com/en/web/labs_global/fsc-2015-1",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696131",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696131",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695774",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695774",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695695",
          "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695695",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62816",
          "name" : "62816",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62813",
          "name" : "62813",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62812",
          "name" : "62812",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/62758",
          "name" : "62758",
          "refsource" : "SECUNIA",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.gentoo.org/glsa/201503-04",
          "name" : "GLSA-201503-04",
          "refsource" : "GENTOO",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.securitytracker.com/id/1032909",
          "name" : "1032909",
          "refsource" : "SECTRACK",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://security.netapp.com/advisory/ntap-20150127-0001/",
          "name" : "https://security.netapp.com/advisory/ntap-20150127-0001/",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.securityfocus.com/archive/1/534845/100/0/threaded",
          "name" : "20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
          "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
          "name" : "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://seclists.org/fulldisclosure/2019/Jun/18",
          "name" : "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
          "refsource" : "FULLDISC",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "https://seclists.org/bugtraq/2019/Jun/14",
          "name" : "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
          "refsource" : "BUGTRAQ",
          "tags" : [ "Mailing List", "Third Party Advisory" ]
        }, {
          "url" : "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
          "name" : "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
          "refsource" : "MISC",
          "tags" : [ "Third Party Advisory", "VDB Entry" ]
        }, {
          "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf",
          "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf",
          "refsource" : "CONFIRM",
          "tags" : [ "Third Party Advisory" ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\""
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "2.0",
          "versionEndExcluding" : "2.18",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "3.7.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_policy_management:9.7.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_policy_management:9.9.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_policy_management:10.4.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_policy_management:11.5:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_policy_management:12.1.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_border_controller:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "7.2.0",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_border_controller:7.2.0:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*",
          "versionStartIncluding" : "10.0.0",
          "versionEndIncluding" : "10.0.1",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "5.1.24",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
          "versionEndExcluding" : "10.11.1",
          "cpe_name" : [ ]
        } ]
      }, {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "LOW",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 10.0
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 10.0,
        "impactScore" : 10.0,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2015-01-28T19:59Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2014-9342",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://www.securityfocus.com/archive/1/534137/100/0/threaded",
          "name" : "20141202 F5 BIGIP - (OLD!) Persistent XSS in ASM Module",
          "refsource" : "BUGTRAQ",
          "tags" : [ ]
        }, {
          "url" : "https://support.f5.com/csp/article/K15939",
          "name" : "https://support.f5.com/csp/article/K15939",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html",
          "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/62000",
          "name" : "62000",
          "refsource" : "SECUNIA",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:f5:big-ip:11.3.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2014-12-08T11:59Z",
    "lastModifiedDate" : "2021-05-03T11:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2014-2957",
        "ASSIGNER" : "cert@cert.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html",
          "name" : "[exim-announce] 20140528 [exim] Exim 4.82.1 Security Release",
          "refsource" : "MLIST",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0",
          "name" : "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.77:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.76:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.75:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.74:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.80.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.72:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "4.82",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.80:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.73:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "PARTIAL",
          "baseScore" : 6.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 6.4,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2014-09-04T17:55Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2013-4492",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-79"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/",
          "name" : "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch", "Vendor Advisory" ]
        }, {
          "url" : "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445",
          "name" : "https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ",
          "name" : "[ruby-security-ann] 20131203 [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html",
          "name" : "openSUSE-SU-2013:1930",
          "refsource" : "SUSE",
          "tags" : [ ]
        }, {
          "url" : "http://www.debian.org/security/2013/dsa-2830",
          "name" : "DSA-2830",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "http://www.securityfocus.com/bid/64076",
          "name" : "64076",
          "refsource" : "BID",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*",
          "versionEndIncluding" : "0.6.5",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "NONE",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 4.3
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 2.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : true
      }
    },
    "publishedDate" : "2013-12-07T00:55Z",
    "lastModifiedDate" : "2021-05-04T09:08Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2012-5781",
        "ASSIGNER" : "cve@mitre.org"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-20"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
          "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
          "refsource" : "MISC",
          "tags" : [ "Exploit" ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.12.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.10.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.3.4:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0:1:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:-:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.17.0:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.15.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.14.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.11.1:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:amazon:elastic_load_balancing:1.0.9.3:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "PARTIAL",
          "integrityImpact" : "PARTIAL",
          "availabilityImpact" : "NONE",
          "baseScore" : 5.8
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 8.6,
        "impactScore" : 4.9,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2012-11-04T22:55Z",
    "lastModifiedDate" : "2012-11-06T05:00Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2010-4345",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-264"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://openwall.com/lists/oss-security/2010/12/10/1",
          "name" : "[oss-security] 20101210 Exim remote root",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html",
          "name" : "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim",
          "refsource" : "MLIST",
          "tags" : [ "Patch" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=662012",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=662012",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch" ]
        }, {
          "url" : "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html",
          "name" : "[exim-dev] 20101207 Remote root vulnerability in Exim",
          "refsource" : "MLIST",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
          "name" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html",
          "name" : "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://bugs.exim.org/show_bug.cgi?id=1044",
          "name" : "http://bugs.exim.org/show_bug.cgi?id=1044",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch" ]
        }, {
          "url" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
          "name" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html",
          "name" : "SUSE-SA:2010:059",
          "refsource" : "SUSE",
          "tags" : [ ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3204",
          "name" : "ADV-2010-3204",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.kb.cert.org/vuls/id/758489",
          "name" : "VU#758489",
          "refsource" : "CERT-VN",
          "tags" : [ "US Government Resource" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3171",
          "name" : "ADV-2010-3171",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.debian.org/security/2010/dsa-2131",
          "name" : "DSA-2131",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/42576",
          "name" : "42576",
          "refsource" : "SECUNIA",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.cpanel.net/2010/12/critical-exim-security-update.html",
          "name" : "http://www.cpanel.net/2010/12/critical-exim-security-update.html",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.securityfocus.com/bid/45341",
          "name" : "45341",
          "refsource" : "BID",
          "tags" : [ ]
        }, {
          "url" : "http://www.securitytracker.com/id?1024859",
          "name" : "1024859",
          "refsource" : "SECTRACK",
          "tags" : [ ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2011/0135",
          "name" : "ADV-2011-0135",
          "refsource" : "VUPEN",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/42930",
          "name" : "42930",
          "refsource" : "SECUNIA",
          "tags" : [ ]
        }, {
          "url" : "http://www.redhat.com/support/errata/RHSA-2011-0153.html",
          "name" : "RHSA-2011:0153",
          "refsource" : "REDHAT",
          "tags" : [ ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2011/0245",
          "name" : "ADV-2011-0245",
          "refsource" : "VUPEN",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/43128",
          "name" : "43128",
          "refsource" : "SECUNIA",
          "tags" : [ ]
        }, {
          "url" : "http://www.debian.org/security/2011/dsa-2154",
          "name" : "DSA-2154",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "http://www.ubuntu.com/usn/USN-1060-1",
          "name" : "USN-1060-1",
          "refsource" : "UBUNTU",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/43243",
          "name" : "43243",
          "refsource" : "SECUNIA",
          "tags" : [ ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2011/0364",
          "name" : "ADV-2011-0364",
          "refsource" : "VUPEN",
          "tags" : [ ]
        }, {
          "url" : "http://www.securityfocus.com/archive/1/515172/100/0/threaded",
          "name" : "20101213 Exim security issue in historical release",
          "refsource" : "BUGTRAQ",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.69:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.70:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.71:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "4.72",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector" : "LOCAL",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 6.9
        },
        "severity" : "MEDIUM",
        "exploitabilityScore" : 3.4,
        "impactScore" : 10.0,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2010-12-14T16:00Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  }, {
    "cve" : {
      "data_type" : "CVE",
      "data_format" : "MITRE",
      "data_version" : "4.0",
      "CVE_data_meta" : {
        "ID" : "CVE-2010-4344",
        "ASSIGNER" : "secalert@redhat.com"
      },
      "problemtype" : {
        "problemtype_data" : [ {
          "description" : [ {
            "lang" : "en",
            "value" : "CWE-119"
          } ]
        } ]
      },
      "references" : {
        "reference_data" : [ {
          "url" : "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html",
          "name" : "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
          "refsource" : "MLIST",
          "tags" : [ "Patch" ]
        }, {
          "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=661756",
          "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=661756",
          "refsource" : "CONFIRM",
          "tags" : [ "Exploit" ]
        }, {
          "url" : "http://secunia.com/advisories/40019",
          "name" : "40019",
          "refsource" : "SECUNIA",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html",
          "name" : "[exim-dev] 20101207 Remote root vulnerability in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
          "name" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b",
          "name" : "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch" ]
        }, {
          "url" : "http://openwall.com/lists/oss-security/2010/12/10/1",
          "name" : "[oss-security] 20101210 Exim remote root",
          "refsource" : "MLIST",
          "tags" : [ ]
        }, {
          "url" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
          "name" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
          "refsource" : "MISC",
          "tags" : [ ]
        }, {
          "url" : "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70",
          "name" : "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.osvdb.org/69685",
          "name" : "69685",
          "refsource" : "OSVDB",
          "tags" : [ "Exploit", "Patch" ]
        }, {
          "url" : "http://bugs.exim.org/show_bug.cgi?id=787",
          "name" : "http://bugs.exim.org/show_bug.cgi?id=787",
          "refsource" : "CONFIRM",
          "tags" : [ "Patch" ]
        }, {
          "url" : "http://www.ubuntu.com/usn/USN-1032-1",
          "name" : "USN-1032-1",
          "refsource" : "UBUNTU",
          "tags" : [ ]
        }, {
          "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html",
          "name" : "SUSE-SA:2010:059",
          "refsource" : "SUSE",
          "tags" : [ ]
        }, {
          "url" : "http://www.debian.org/security/2010/dsa-2131",
          "name" : "DSA-2131",
          "refsource" : "DEBIAN",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/42576",
          "name" : "42576",
          "refsource" : "SECUNIA",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3171",
          "name" : "ADV-2010-3171",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3172",
          "name" : "ADV-2010-3172",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/42586",
          "name" : "42586",
          "refsource" : "SECUNIA",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3186",
          "name" : "ADV-2010-3186",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3204",
          "name" : "ADV-2010-3204",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.redhat.com/support/errata/RHSA-2010-0970.html",
          "name" : "RHSA-2010:0970",
          "refsource" : "REDHAT",
          "tags" : [ ]
        }, {
          "url" : "http://secunia.com/advisories/42587",
          "name" : "42587",
          "refsource" : "SECUNIA",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://secunia.com/advisories/42589",
          "name" : "42589",
          "refsource" : "SECUNIA",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3181",
          "name" : "ADV-2010-3181",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3246",
          "name" : "ADV-2010-3246",
          "refsource" : "VUPEN",
          "tags" : [ "Vendor Advisory" ]
        }, {
          "url" : "http://www.kb.cert.org/vuls/id/682457",
          "name" : "VU#682457",
          "refsource" : "CERT-VN",
          "tags" : [ "US Government Resource" ]
        }, {
          "url" : "http://www.securityfocus.com/bid/45308",
          "name" : "45308",
          "refsource" : "BID",
          "tags" : [ ]
        }, {
          "url" : "http://www.securitytracker.com/id?1024858",
          "name" : "1024858",
          "refsource" : "SECTRACK",
          "tags" : [ ]
        }, {
          "url" : "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html",
          "name" : "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://atmail.com/blog/2010/atmail-6204-now-available/",
          "name" : "http://atmail.com/blog/2010/atmail-6204-now-available/",
          "refsource" : "CONFIRM",
          "tags" : [ ]
        }, {
          "url" : "http://www.vupen.com/english/advisories/2010/3317",
          "name" : "ADV-2010-3317",
          "refsource" : "VUPEN",
          "tags" : [ ]
        }, {
          "url" : "http://www.securityfocus.com/archive/1/515172/100/0/threaded",
          "name" : "20101213 Exim security issue in historical release",
          "refsource" : "BUGTRAQ",
          "tags" : [ ]
        }, {
          "url" : "http://www.openwall.com/lists/oss-security/2021/05/04/7",
          "name" : "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "refsource" : "MLIST",
          "tags" : [ ]
        } ]
      },
      "description" : {
        "description_data" : [ {
          "lang" : "en",
          "value" : "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging."
        } ]
      }
    },
    "configurations" : {
      "CVE_data_version" : "4.0",
      "nodes" : [ {
        "operator" : "OR",
        "children" : [ ],
        "cpe_match" : [ {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
          "versionEndIncluding" : "4.69",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        }, {
          "vulnerable" : true,
          "cpe23Uri" : "cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*",
          "cpe_name" : [ ]
        } ]
      } ]
    },
    "impact" : {
      "baseMetricV2" : {
        "cvssV2" : {
          "version" : "2.0",
          "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector" : "NETWORK",
          "accessComplexity" : "MEDIUM",
          "authentication" : "NONE",
          "confidentialityImpact" : "COMPLETE",
          "integrityImpact" : "COMPLETE",
          "availabilityImpact" : "COMPLETE",
          "baseScore" : 9.3
        },
        "severity" : "HIGH",
        "exploitabilityScore" : 8.6,
        "impactScore" : 10.0,
        "obtainAllPrivilege" : false,
        "obtainUserPrivilege" : false,
        "obtainOtherPrivilege" : false,
        "userInteractionRequired" : false
      }
    },
    "publishedDate" : "2010-12-14T16:00Z",
    "lastModifiedDate" : "2021-05-04T18:15Z"
  } ]
}