
CVE - Common Vulnerabilities and Exposures (CVE)

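<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
  <title>CVE - Common Vulnerabilities and Exposures (CVE)</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <link href="BotDetectCaptcha.ashx?get=layout-stylesheet" rel="stylesheet" type="text/css" />
  <link type="text/css" rel="stylesheet" href="Plugins/Bootstrap/css/bootstrap.min.css" />
  <link type="text/css" rel="stylesheet" href="Content/Site.css" />
  <link type="text/css" rel="stylesheet" href="Content/style/bulma.css" />
  <!-- Scripts are served from this site's own Plugins/ folder. jQuery 1.10.2 is an old release;
       NOTE(review): confirm that it and the bundled Bootstrap build are still reviewed for security updates. -->
  <script type="text/javascript" src="Plugins/jQuery/jquery-1.10.2.js"></script>
  <script type="text/javascript" src="Plugins/Bootstrap/js/bootstrap.min.js"></script>
  <script type="text/javascript" src="Plugins/MaskedInput/maskedinput.js"></script>
</head>
<body>
<!-- ASP.NET Web Forms postback form. Every value posted from here, hidden state fields included,
     is client-controlled input: the browser-side checks in this page are a convenience for the
     person filling in the form, and the server has to validate each field again. -->
<form method="post" action="./" id="form1">
  <!-- Server-issued postback state. NOTE(review): integrity protection of __VIEWSTATE and
       __EVENTVALIDATION is a server-side setting and cannot be confirmed from this markup. -->
  <div class="aspNetHidden">
    <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
    <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
    <input type="hidden" name="__LASTFOCUS" id="__LASTFOCUS" value="" />
    <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
  </div>

  <!-- Framework helper: records which control raised the postback, then submits form1. -->
  <script type="text/javascript">
//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
    theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//]]>
  </script>

  <script src="/WebResource.axd?d=1vW4WH8qEuX9hT-_6ilLbG77lIu-SkyPZn9sCcSzoBPEKEDqQS2kUzrRioRRMjzygNU8SlANPLDs78GWyEMVTVIN91dPQp4ggxa_gRWGhDQ1&amp;t=638628063619783110" type="text/javascript"></script>
  <script src="/ScriptResource.axd?d=d3hDBAS0ARmEBWBDkerkJRefzP2KM5yWhVohIXlIStPfBfaR-fQ61M-s9K7Wpd2hADFAIlpVBGWiLF722r60WVtDtiFffg7CYHqgj6ysaLofhC5JpeNcbC3gN3qd-8_ICLivciml5OzLBXrpY8SuFamWFCRX_on10-F-bOXiYi6Y6Ab8ah03kdFVEwJ6rDfL0&amp;t=2a9d95e3" type="text/javascript"></script>
  <script type="text/javascript">
//<![CDATA[
if (typeof(Sys) === 'undefined') throw new Error('ASP.NET Ajax client-side framework failed to load.');
//]]>
  </script>
  <script src="/ScriptResource.axd?d=Px8KEKOcPJ10_KdlwPJVbNJ4iK_I2T6FtnCxa4Cqdmp2ee0pKP0sfvV7OM0rdkrFQRLcDRo_Jt2A1LJK3HvCmgi8atRLd2bUiEYfe24ZFjcc7I2NV9Tj3RE9-N0FyBbNNtGZYjWPOd0G-BgD1Ci7GmirxlidW_HXSXX6RSwY9njE5M__l6hHAZffUO8vrHY_0&amp;t=2a9d95e3" type="text/javascript"></script>
  <div class="aspNetHidden">
    <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
    <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEdAAlBKjbromqp4s9+s5KNeVEDzi4xffckKik8EOGuG/wu+wKsbT1LDiq9AtDszZ4EjMZaMb7GCSKSbwCcJyyku2ASXKSEBdpdSo1d4Ajx216YlNejiy7Ub0v5wq2+/6i0x2D87+yjOLPzGt+XPWjQOzOJW2qz3JXm+zJ0TEIazSX/kiYUKEfdO+dZy/K3+dSF6/gGiUsQ93l4BI7U9cmvx4EzLYhS05fUm2yZlI9EDieHjw==" />
  </div>
  <!-- Registers UpdatePanelRequestForm for partial postbacks triggered by the request-type drop-down. -->
  <script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ScriptManagerCveBlocks', 'form1', ['tUpdatePanelRequestForm','UpdatePanelRequestForm'], ['DropDownListRequestType','DropDownListRequestType'], [], 90, '');
//]]>
  </script>

  <header role="banner" id="cve-primary-header">
    <nav id="cve-main-nav" class="navbar is-transparent is-fixed-top" role="navigation" aria-label="main navigation">
      <div class="navbar-brand">
        <a href="https://cve.org/" class="navbar-item">
          <img src="Content/cveLogoR.svg" alt="CVE logo" class="cve-logo"/>
        </a>
      </div>
      <div class="is-hidden-desktop" style="float:right;">
        <div class="navbar-item">
          <!-- Links that open a new tab carry rel="noopener noreferrer" so the opened page gets no handle on this form's window. -->
          <a href="https://cve.mitre.org/cve/search_cve_list.html" target="_blank" rel="noopener noreferrer" class="button cve-button cve-button-outline">
            <span>CVE Records</span>
            <span class="icon">
              <img src="Content/search_icon.png" alt="CVE Record search" />
            </span>
          </a>
        </div>
      </div>
    </nav>
    <nav id="cve-secondary-navbar" class="navbar is-hidden-touch mt-6" aria-label="navigation">
      <div class="navbar-menu cve-secondary-navbar-menu is-active">
        <div class="navbar-end is-mobile">
          <div class="navbar-item cve-secondary-navbar-item">
            <div class="buttons">
              <a href="https://cve.mitre.org/cve/search_cve_list.html" target="_blank" rel="noopener noreferrer" class="button cve-button cve-button-outline">
                <span>Search CVE Records</span>
              </a>
            </div>
          </div>
        </div>
      </div>
    </nav>
  </header>

  <div class="container-fluid">
    <!-- Start of form -->
    <div id="UpdatePanelRequestForm">
      <div id="PanelRequestorInfo" class="section-block">
        <div class="row">
          <div class="col-md-1"></div>
          <div class="col-md-6">
            <h2>Submit a CVE Request</h2>
          </div>
        </div>
        <div class="row">
          <div class="col-md-1"></div>
          <div class="required-text col-md-6">
            <span class="redtext">*</span> Required
          </div>
        </div>
        <div class="row">
          <div class="col-md-1">
            <span id="error-message-request-type" class="error-icon">
              <img src="Content/exclamation.jpg" alt="errors" />
            </span>
          </div>
          <div class="col-md-10">
            <div class="col-md-3" style="padding-left: 0px;">
              <label for="DropDownListRequestType" class="left-label">
                <span class="redtext">*</span> Select a request type
              </label>
            </div>
            <div class="col-md-9">
              <!-- Changing the selection posts back so the server can render the fields for that request type.
                   The posted value must be checked against the allowed option values on the server. -->
              <select name="DropDownListRequestType" onchange="javascript:setTimeout(&#39;__doPostBack(\&#39;DropDownListRequestType\&#39;,\&#39;\&#39;)&#39;, 0)" id="DropDownListRequestType" class="form-control" style="display: inline; width: 34em">
                <option selected="selected" value="">- Please choose an action -</option>
                <option value="Single">Report Vulnerability/Request CVE ID</option>
                <option value="Notify">Notify CVE about a publication</option>
                <option value="Update">Request an update to an existing CVE Entry</option>
                <option value="CNAProgram">Request information on the CVE Numbering Authority (CNA) Program</option>
                <option value="Other">Other</option>
              </select>
            </div>
          </div>
        </div>
        <div class="row">
          <div class="col-md-1">
            <span id="error-message-email" class="error-icon">
              <img src="Content/exclamation.jpg" alt="errors" />
            </span>
          </div>
          <div class="col-md-10">
            <div class="col-md-3" style="padding-left: 0px;">
              <label for="TextBoxEmail" class="left-label">
                <span class="redtext">*</span> Enter your e-mail address
              </label>
            </div>
            <div class="col-md-9">
              <input name="TextBoxEmail" type="text" maxlength="255" id="TextBoxEmail" class="form-control inputBox" placeholder="Please enter a valid e-mail address where we can reach you." style="display: inline; width: 34em;" />
            </div>
          </div>
        </div>
        <div class="row">
          <div class="col-md-3"></div>
          <div class="help-block col-md-6">
            <div class="col-md-2" style="text-align: right">
              <p> <img src="Content/info.jpg" alt="alert" /> </p>
            </div>
            <div class="col-md-10" style="padding-left: 0px;">
              <label class="left-label">
                <p> <span class="redtext">IMPORTANT: </span>Please add cve-request@mitre.org and cve@mitre.org as safe senders in your email client before completing this form. </p>
              </label>
            </div>
          </div>
        </div>
        <div class="row">
          <div class="col-md-1"> </div>
          <div class="col-md-10">
            <!-- Optional public key of the requester, used to encrypt the reply. maxlength is only a
                 browser hint; the 20,000-character limit has to be enforced on the server as well. -->
            <label for="TextBoxPgpKey" class="label left-label"> Enter a PGP Key (to encrypt) </label>
            <textarea name="TextBoxPgpKey" id="TextBoxPgpKey" class="form-control" rows="5" cols="40" maxlength="20000" placeholder="If you would like us to send an encrypted response, please provide a PGP key up to 20,000 characters. If your PGP key is longer than 20,000 characters, please provide a URL or contact us at cve@mitre.org to identify an alternative solution."></textarea>
          </div>
        </div>
      </div>
    </div>
    <div id="UpdateProgressMessage" style="display:none;">
      <div class="container">
        <span>Processing....</span>
      </div>
    </div>
    <div style="clear: both"></div>
  </div>

  <footer class="footer">
    <div class="columns">
      <div class="column">
        <h4 class="title is-5">Legal</h4>
        <ul>
          <li><a href="https://cve.org/Legal/TermsOfUse">Terms of Use</a></li>
          <li><a href="https://cve.org/Legal/PrivacyPolicy">Privacy Policy</a></li>
        </ul>
      </div>
      <div class="column">
        <h4 class="title is-5">Media</h4>
        <ul>
          <li><a href="https://cve.org/Media/News">News</a></li>
          <li><a href="https://cve.org/Media/Events">Events</a></li>
          <li> <span class="icon-text"> <a href="https://cve.mitre.org/news/newsletter.html">Sign up for e-newsletter</a> </span> </li>
        </ul>
      </div>
      <div class="column">
        <h5 class="title is-5">Social Media</h5>
        <a class="cve-social-media-icon" href="https://github.com/CVEProject" target="_blank" rel="noopener noreferrer">
          <span class="icon">
            <p id="githubIcon" class="is-hidden">github</p>
            <img src="Content/github.png" height="20" width="20" aria-labelledby="githubIcon" aria-hidden="false" focusable="false"/>
          </span></a>
        <a class="cve-social-media-icon" href="https://www.linkedin.com/showcase/cve-cwe-capec" target="_blank" rel="noopener noreferrer">
          <span class="icon">
            <p id="linkedinIcon" class="is-hidden">linkedin</p>
            <img src="Content/linkedin.png" height="20" width="20" aria-labelledby="linkedinIcon" aria-hidden="false" focusable="false"/>
          </span></a>
        <a class="cve-social-media-icon" href="https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/" target="_blank" rel="noopener noreferrer">
          <span class="icon">
            <p id="youtubeIcon" class="is-hidden">youtube</p>
            <img src="Content/youtube.png" height="20" width="20" aria-labelledby="youtubeIcon" aria-hidden="false" focusable="false"/>
          </span></a>
        <div>
          <a class="cve-social-media-icon-with-text" href="https://twitter.com/CVEnew/" target="_blank" rel="noopener noreferrer">
            <span class="icon">
              <p id="twitterNewIcon" class="is-hidden">twitter for CVE New</p>
              <img src="Content/twitter.png" height="20" width="20" aria-labelledby="twitterNewIcon" aria-hidden="false" focusable="false"/>
            </span>New CVE Records</a>
          <a class="cve-social-media-icon-with-text" href="https://twitter.com/CVEannounce/" target="_blank" rel="noopener noreferrer">
            <span class="icon">
              <p id="twitterAnnounceIcon" class="is-hidden">twitter for CVE announce</p>
              <img src="Content/twitter.png" height="20" width="20" aria-labelledby="twitterAnnounceIcon" aria-hidden="false" focusable="false"/>
            </span> CVE Announce</a>
        </div>
      </div>
      <div class="column">
        <h4 class="title is-5">Contact</h4>
        <ul>
          <li><a href="https://cveform.mitre.org">CVE Program Support</a></li>
          <li><a href="https://cve.org/PartnerInformation/ListofPartners">CNA</a></li>
          <li><a href="https://cveform.mitre.org">CVE Website Support</a></li>
        </ul>
      </div>
    </div>
    <div class="content">
      <p>
        Use of the CVE<sup>®</sup> List and the associated references from this website are subject to the <a href="https://cve.org/Legal/TermsOfUse">terms of use</a>. CVE is sponsored by the <a href="https://www.dhs.gov/">U.S. Department of Homeland Security (DHS)</a> <a href="https://www.dhs.gov/cisa/cybersecurity-division/"> Cybersecurity and Infrastructure Security Agency (CISA)</a>. Copyright © 1999-2023, <a href="https://www.mitre.org/">The MITRE Corporation</a>. CVE and the CVE logo are registered trademarks of The MITRE Corporation.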
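</p>
    </div>
  </footer>

  <script type="text/javascript">
    // Browser-side validation for the CVE request form.
    // These checks only guide the person filling in the form: they can be bypassed by posting
    // to the endpoint directly, so the server has to repeat every check (format, length,
    // allowed values) on the posted fields.

    // Error summary shown in #LabelErrorMessage. It is written with .html(), so it must only
    // ever be built from the fixed strings in this script, never from values typed by the user.
    var summaryMessage = "";
    var hasMissingFields = false;
    // Declared here so the submit handler and fieldSizeValid() do not rely on undeclared globals.
    var hasInvalidFieldSize = false;
    var fieldSizeMessage = "";
    // NOTE(review): urlPattern is not anchored, so test() accepts any string that merely contains
    // a URL-like substring. The server should parse each reference and allow-list its scheme
    // before the value is stored or rendered as a link.
    var urlPattern = /((https?|ftps?):\/\/(?:www\w*\.|(?!www\w))[^\s\.]+\.[^\s\/]{2,}|www\w*\.[^\s]+\.[^\s\/]{2,})/;
    var emailPattern = /^([a-zA-Z0-9_\-\.]+)@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*(\.[a-zA-Z]{2,})$/;
    // NOTE(review): datePattern is declared but not referenced by the functions in this script.
    var datePattern = /(0[1-9]|1[012])[- \/.](0[1-9]|[12][0-9]|3[01])[- \/.](19|20)\d\d/;
    // NOTE(review): the outer "+" around a {10,30} group makes matching time grow quickly on long
    // non-matching input; keep the field length bounded and do not reuse this pattern on
    // unbounded input elsewhere.
    var phonePattern = /^(\+?[\d\s-.]{10,30})+([\sxX.-]{1,3}\d{1,6})?$/; //https://www.howtocallabroad.com/codes.html
    var isDirty = false;
    var processing = false;
    var linkPlaceHolder = "Please include one reference/URL per line including protocol and domain name, e.g.,\nwww.link.com\nhttps://link.org\n";

    // Wires up popovers, input masks and the submit/cancel handlers.
    // NOTE(review): pageLoad is presumably invoked by the ASP.NET AJAX client framework on load
    // and after partial postbacks; the `processing` flag guards the submit handler against
    // running twice when it has been bound more than once.
    function pageLoad(sender, args) {
        // html: true renders popover content as markup. The data attributes of popover
        // triggers must therefore only carry server-authored, trusted content.
        $("[data-toggle=popover]").popover({ html: true });
        $("#TextBoxPubDate").mask("99/99/9999");
        processing = false;

        $("a[data-toggle=popover]").on('click', function (e) {
            e.preventDefault();
            return true;
        });

        $('body').on('click', function (e) {
            $('[data-toggle="popover"]').each(function () {
                //the 'is' for buttons that trigger popups
                //the 'has' for icons within a button that triggers a popup
                if (!$(this).is(e.target) && $(this).has(e.target).length === 0 && $('.popover').has(e.target).length === 0) {
                    $(this).popover('hide');
                }
            });
        });

        $("#ButtonSubmitRequest").click(function (e) {
            if (processing) return; // With Ajax binding we need to check if this has already run for performance
            processing = true;
            var alreadyInvalid = false;
            summaryMessage = "";
            hasMissingFields = false;
            hasInvalidFieldSize = false;

            isEmailControlValid("#TextBoxEmail", "#error-message-email", "Email");
            // isControlValid() adds the leading "- " itself, so the message is passed without one.
            isControlValid("#DropDownListRequestType", "#error-message-request-type", "Please select a Request Type");

            if ($("#DropDownListRequestType").val() == "Single") {
                isCountControlValid("#TextBoxCveIds", "#error-message-cve-count", "- Please enter the number of CVE IDs requested (1 to 10)", 1, 10);
                isCheckboxValid("#CheckBoxCnaVerified", "#error-message-cna-verify", "- Please verify ‘CNA-covered product verification’");
                isCheckboxValid("#CheckBoxCveAssigned", "#error-message-cve-verify", "- Please verify ‘CVE ID not assigned verification’");

                alreadyInvalid = false;
                $(".vulnType").each(function (i, control) {
                    alreadyInvalid = isTableControlValid(this, "#error-message-vuln-type", "Vulnerability Type", alreadyInvalid);
                    alreadyInvalid = false;
                    if ($(this).val() == "Other or Unknown") {
                        $(".vulnTypeOther").each(function (i, control) {
                            alreadyInvalid = isTableControlValid(this, "#error-message-other-vuln-type", "Other Vulnerability Type", alreadyInvalid);
                        });
                    }
                });

                alreadyInvalid = false;
                $(".vendor").each(function (i, control) {
                    alreadyInvalid = isTableControlValid(this, "#error-message-vendor", "Vendor", alreadyInvalid);
                });

                alreadyInvalid = false;
                $(".prodVer").each(function (i, control) {
                    alreadyInvalid = isTableControlValid(this, "#error-message-prodcodebase", "Product/Version", alreadyInvalid);
                });

                // isUrlListControlValid() returns nothing; it reports through hasMissingFields.
                $(".reference-link").each(function (i, control) {
                    isUrlListControlValid(this, "#error-message-references", "Reference(s)", false);
                });
            } else if ($("#DropDownListRequestType").val() == "Block") {
                isCountControlValid("#TextBoxCVEBlockNumber", "#error-message-blocknum", "- Please enter the number of CVE IDs needed (1-999)", 1, 999);
            } else if ($("#DropDownListRequestType").val() == "Notify") {
                isUrlControlValid("#TextBoxAdvisoryLink", "#error-message-advLink", "Advisory Link");
                isControlValid("#TextBoxCveNotifyId", "#error-message-pubIds", "Please enter CVE IDs, separated with commas");
                if ($("#TextBoxPubDate").val() != "") {
                    isDateControlValid("#TextBoxPubDate", "#error-message-pubdate", "Please enter a valid publication date (Format: mm/dd/yyyy). Date has to be less than or equal to today’s date.");
                }
                isControlValid("#TextBoxNotifyAddlInfo", "#error-message-add_info_cve_id", "Additional Information CVE ID Description");
            } else if ($("#DropDownListRequestType").val() == "Update") {
                isControlValid("#DropDownListUpdateType", "#error-message-updType", "Please select a Type of Update");
                if ($("#DropDownListUpdateType").val() == "Other") {
                    isControlValid("#TextBoxUpdateTypeOther", "#error-message-other-updType", "Please enter Other Update Type");
                }
                isControlValid("#TextBoxCveUpdateId", "#error-message-updId", "Please enter CVE ID");
                isControlValid("#TextBoxUpdateDescription", "#error-message-updDesc", "Please enter an Update Description");
                isUrlListControlValid("#TextBoxUpdateRefLink", "#error-message-updUrl", "Link to References", false);
            } else if ($("#DropDownListRequestType").val() == "CNAProgram") {
                isControlValid("#TextBoxCNACustomerName", "#error-message-cnaName", "Please enter your full name");
                isControlValid("#TextBoxCNADescription", "#error-message-cna-comment", "Please provide any additional information you want to share with us");
                isPhoneControlValid("#TextBoxCNACustomerPhoneNumber", "#error-message-cnaPhoneNumber", "Please enter a valid phone number (Format: +1 555-555-5555 or +1 555-555-5555 x Ext)");
            } else if ($("#DropDownListRequestType").val() == "Other") {
                isControlValid("#DropDownListCommentType", "#error-message-commentType", "Please select Type of Comment");
                isControlValid("#TextBoxDescription", "#error-message-comment", "Please provide any additional information you want to share with us");
            }

            // Only checks that a code was typed; whether it is correct is decided on the server.
            isControlValid("#TextBoxCaptcha", "#error-message-secCode", "Please enter Security Code");

            if (hasMissingFields) {
                $("#LabelErrorMessage").html(summaryMessage);
                $("#PanelErrorInfo").css("display", "block");
                e.preventDefault();
                processing = false;
            } else {
                // Clear dirty bit
                isDirty = false;
                // Escape the email address before posting.
                // escape() is a deprecated global that percent-encodes characters;
                // NOTE(review): presumably the server decodes this value. It is not a substitute
                // for server-side validation or output encoding.
                $("#TextBoxEmail").val(escape($("#TextBoxEmail").val()));
                $(".ref-urls").each(function (i, control) {
                    if ($(this).val().trim() == linkPlaceHolder.trim()) {
                        $(this).val(""); //Empty the text area because we do not want to save place holder value
                    }
                });
            }
            return !hasMissingFields;
        });

        $("#DropDownListUpdateType").change(function () {
            if ($("#DropDownListUpdateType").val() == "Other") {
                $("#PanelOtherUpdateType").css("display", "block").fadeIn("slow");
            } else {
                $("#PanelOtherUpdateType").css("display", "none").fadeOut("slow");
            }
        });

        $(".form-control").change(function () {
            isDirty = true;
        });

        // Enter in a single-line input must not submit the form.
        $(".inputBox").keypress(function (event) {
            if (event.keyCode == 13) {
                event.preventDefault();
                return false;
            }
        });

        // Reset the error border only once the field has content. trim must be called:
        // comparing the function itself with "" is always true.
        $("input[type='text'], select").blur(function () {
            if ($(this).val().trim() != "") {
                $(this).css("border-color", "#999");
                $(this).css("border-width", "1px");
                return true;
            }
        });

        $("#ButtonCancel").click(function (e) {
            if (isDirty) {
                if (!confirm("Are you sure you want to cancel this request? Information entered will not be saved.")) {
                    e.preventDefault();
                } else {
                    isDirty = false;
                }
            }
        });

        // Digits only (key codes 48 to 57). Pasted text is not covered by a keypress filter.
        $(".numBox").keypress(function (event) {
            var allow = event.keyCode >= 48 && event.keyCode <= 57;
            return allow;
        });

        //Code to add place holder to the Url fields
        $(".ref-urls").each(function (i, control) {
            var urlVal = $(this).val();
            if (urlVal.trim() == "") {
                $(this).val(linkPlaceHolder);
                $(this).css("color", "#999");
            } else if (urlVal.trim() == linkPlaceHolder.trim()) {
                $(this).css("color", "#999");
            }
            $(this).focusin(function (event) {
                var textAreaVal = $(this).val().trim();
                if (textAreaVal == linkPlaceHolder.trim()) {
                    $(this).val("");
                    $(this).css("color", "");
                }
            });
            $(this).focusout(function (event) {
                var textAreaVal = $(this).val();
                if (textAreaVal == "") {
                    $(this).val(linkPlaceHolder);
                    $(this).css("color", "#999");
                }
            });
        });

        // Restricts typing in the CVE ID count box to values from 1 to 10.
        $("#TextBoxCveIds").keypress(function (event) {
            var currentValue = $("#TextBoxCveIds").val().trim();
            var charCode = (typeof event.which == "number") ? event.which : event.keyCode;
            // Detect backspace or del
            if (charCode == 8 || charCode == 127 || charCode == 0) {
                return true;
            } else if (charCode == 46) {
                return false;
            }
            if (charCode == 48) {
                // Handle 0
                currentValue += String.fromCharCode(charCode);
            } else {
                currentValue = String.fromCharCode(charCode);
            }
            if (currentValue < 1 || currentValue > 10 || isNaN(currentValue)) {
                event.preventDefault();
                return false;
            }
            return true;
        });
    }

    // Shows the red border on a control that failed validation and reveals its error icon.
    function markControlInvalid(control, errorIcon) {
        $(control).css("border-color", "red");
        $(control).css("border-width", "2px");
        $(errorIcon).css("display", "inline-block");
    }

    // Restores the default border on a control and hides its error icon.
    function markControlValid(control, errorIcon) {
        $(control).css("border-color", "#999");
        $(control).css("border-width", "1px");
        $(errorIcon).css("display", "none");
    }

    // Flags the e-mail box when it is empty or does not match emailPattern.
    function isEmailControlValid(control, errorIcon, field) {
        var email = $(control).val().trim();
        if (email == "" || emailPattern.test(email) == false) {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += "- The Email Address is in an invalid format<br/>";
        } else {
            markControlValid(control, errorIcon);
        }
    }

    // The phone number is optional: an empty box is valid, a non-empty one must match phonePattern.
    function isPhoneControlValid(control, errorIcon, message) {
        var phoneNumber = $(control).val().trim();
        if (phoneNumber != "" && phonePattern.test(phoneNumber) == false) {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += "- " + message + "<br/>";
        } else {
            markControlValid(control, errorIcon);
        }
    }

    // Validates a textarea that holds one URL per line. `required` decides whether an empty
    // box is an error. Stops at the first line that fails isUrlValid().
    function isUrlListControlValid(control, errorIcon, field, required) {
        var controlVal = $(control).val().trim();
        if (controlVal == linkPlaceHolder.trim()) {
            // Placeholder text is not real input value
            controlVal = "";
        }
        if (controlVal == "" && required) {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += "- " + field + " is an invalid URL.<br/>";
            return;
        } else if (controlVal == "" && !required) {
            markControlValid(control, errorIcon);
            return;
        } else {
            var urls = controlVal.split('\n');
            for (var i = 0; i < urls.length; i++) {
                if (urls[i].trim() != "" && !isUrlValid(urls[i].trim())) {
                    hasMissingFields = true;
                    markControlInvalid(control, errorIcon);
                    summaryMessage += "- " + field + " is an invalid URL. Please include one URL per line<br/>";
                    break;
                } else {
                    markControlValid(control, errorIcon);
                }
            }
        }
    }

    // Validates a single, mandatory URL box.
    function isUrlControlValid(control, errorIcon, field) {
        var url = $(control).val().trim();
        if (url == "" || !isUrlValid(url)) {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += " - " + field + " is an invalid URL<br/>";
        } else {
            markControlValid(control, errorIcon);
        }
    }

    // Requires a number between min and max (inclusive).
    function isCountControlValid(control, errorIcon, message, min, max) {
        var count = $(control).val().trim();
        if (count == "" || isNaN(count) || (count > max || count < min)) {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += message + "<br/>";
        } else {
            markControlValid(control, errorIcon);
        }
    }

    // Requires a non-empty value; prefixes the message with "- " in the summary.
    function isControlValid(control, errorIcon, message) {
        if ($(control).val().trim() == "") {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += "- " + message + "<br/>";
        } else {
            markControlValid(control, errorIcon);
        }
    }

    // Accepts a value that Date() can parse and that is not later than the current time.
    // NOTE(review): Date() parsing is lenient and engine-dependent (an out-of-range day may
    // roll over into the next month), so the server-side date check is the authoritative one.
    function isDateControlValid(control, errorIcon, message) {
        var dateStr = $(control).val().trim();
        var date = new Date(dateStr);
        var now = new Date();
        if (date instanceof Date && !isNaN(date.valueOf()) && date.getTime() <= now.getTime()) {
            markControlValid(control, errorIcon);
        } else {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += "- " + message + "<br/>";
        }
    }

    // Validates one control of a repeated table row. `alreadyInvalid` suppresses a second
    // summary line for the same column; the updated flag is returned to the caller.
    function isTableControlValid(control, errorIcon, field, alreadyInvalid) {
        if ($(control).val().trim() == "") {
            hasMissingFields = true;
            $(control).css("border-color", "red");
            $(control).css("border-width", "2px");
            if (!alreadyInvalid) {
                $(control).closest(errorIcon).css("display", "inline-block");
                if (field == "Vulnerability Type") {
                    summaryMessage += "- Please select a Vulnerability type<br/>";
                } else if (field == "Product/Version") {
                    summaryMessage += "- Please enter Product/Version<br/>";
                } else if (field == "Other Vulnerability Type") {
                    summaryMessage += "- Please enter Other Vulnerability type<br/>";
                } else if (field == "Vendor") {
                    summaryMessage += "- Please enter Vendor of the Product<br/>";
                }
                alreadyInvalid = true;
            }
        } else {
            $(control).css("border-color", "#999");
            $(control).css("border-width", "1px");
            if (!alreadyInvalid) {
                $(control).closest(errorIcon).css("display", "none");
            }
        }
        return alreadyInvalid;
    }

    // Requires the checkbox to be ticked.
    function isCheckboxValid(control, errorIcon, message) {
        if (!$(control).is(":checked")) {
            hasMissingFields = true;
            markControlInvalid(control, errorIcon);
            summaryMessage += message + "<br/>";
        } else {
            markControlValid(control, errorIcon);
        }
    }

    // True when the text contains a match for urlPattern, has no space, and every character
    // code is 255 or below. This is a usability check, not a guarantee that the value is a
    // safe link target.
    function isUrlValid(url) {
        var urlValid = false;
        urlValid = urlPattern.test(url);
        if (url.indexOf(" ") >= 0) {
            urlValid = false;
        }
        for (var i = 0, n = url.length; i < n; i++) {
            if (url.charCodeAt(i) > 255) {
                urlValid = false;
            }
        }
        return urlValid;
    }

    // Converts "mm/dd/yyyy" to "yyyy-mm-dd"; returns "" when the input does not have three parts.
    function convertToISODateString(dateStr) {
        var dateParts = dateStr.split('/');
        if (dateParts.length === 3) {
            return dateParts[2] + '-' + dateParts[0] + '-' + dateParts[1];
        }
        return "";
    }

    // Records a field whose value is longer than its maxlength property.
    function fieldSizeValid(controlName, friendlyName) {
        var maxSize = $(controlName).prop("maxlength");
        var realSize = $(controlName).val().length;
        if (realSize > maxSize) {
            hasInvalidFieldSize = true;
            fieldSizeMessage += "- " + friendlyName + "<br>";
        }
    }
  </script>

  <!-- Static help dialog: vulnerability types with their CWE identifiers. -->
  <div id="vulnerabilityModal" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="vulnerabilityModalLabel">
    <div class="modal-dialog modal-lg" role="document">
      <div class="modal-content">
        <div class="modal-header">
          <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span> </button>
          <h4 class="modal-title" id="vulnerabilityModalLabel">Vulnerability Information</h4>
        </div>
        <div class="modal-body">
          <div class="row">
            <div class="col-sm-3" style="font-weight: bold"> Vulnerability Type </div>
            <div class="col-sm-2" style="font-weight: bold"> CWE-ID </div>
            <div class="col-sm-7" style="font-weight: bold"> Definition </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Buffer Overflow </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/119.html" target="_blank" rel="noopener noreferrer">CWE-119</a> </div>
            <div class="col-sm-7"> The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.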
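</div>
          </div>
          <!-- Remaining rows of the vulnerability-type help table. CWE links use https and, because
               they open a new tab, rel="noopener noreferrer". -->
          <div class="row">
            <div class="col-sm-3"> Cross Site Scripting (XSS) </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank" rel="noopener noreferrer">CWE-79</a> </div>
            <div class="col-sm-7"> The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> SQL Injection </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/89.html" target="_blank" rel="noopener noreferrer">CWE-89</a> </div>
            <div class="col-sm-7"> The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Directory Traversal </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/22.html" target="_blank" rel="noopener noreferrer">CWE-22</a> </div>
            <div class="col-sm-7"> The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> XML External Entity (XXE) </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/611.html" target="_blank" rel="noopener noreferrer">CWE-611</a> </div>
            <div class="col-sm-7"> The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Insecure Permissions </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/276.html" target="_blank" rel="noopener noreferrer">CWE-276</a> </div>
            <div class="col-sm-7"> The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Incorrect Access Control </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/284.html" target="_blank" rel="noopener noreferrer">CWE-284</a> </div>
            <div class="col-sm-7"> The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Integer Overflow </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/190.html" target="_blank" rel="noopener noreferrer">CWE-190</a> </div>
            <div class="col-sm-7"> The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Cross Site Request Forgery (CSRF) </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/352.html" target="_blank" rel="noopener noreferrer">CWE-352</a> </div>
            <div class="col-sm-7"> The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Missing SSL certification verification </div>
            <div class="col-sm-2"> <a href="https://cwe.mitre.org/data/definitions/599.html" target="_blank" rel="noopener noreferrer">CWE-599</a> </div>
            <div class="col-sm-7"> The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. </div>
          </div>
          <div class="row">
            <div class="col-sm-3"> Other or Unknown </div>
            <div class="col-sm-2"> N/A </div>
            <div class="col-sm-7"> The software contains a mistake other than above which can be directly used by a hacker to gain access to a system or network. </div>
          </div>
        </div>
      </div>
    </div>
  </div>

  <!-- Static help dialog: example names for the free-text "other" vulnerability type. -->
  <div id="otherVulnerabilityModal" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="otherVulnerabilityModalLabel">
    <div class="modal-dialog modal-lg" role="document">
      <div class="modal-content">
        <div class="modal-header">
          <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span> </button>
          <h4 class="modal-title" id="otherVulnerabilityModalLabel">Other Vulnerability Information</h4>
        </div>
        <div class="modal-body">
          <div class="row container"> You can find more information at <a href="https://cwe.mitre.org" target="_blank" rel="noopener noreferrer">cwe.mitre.org</a> </div>
          <div class="row">
            <div class="col-md-4">
              <ul>
                <li>Algorithm complexity</li>
                <li>Array index error</li>
                <li>Auth bypass using cookie</li>
                <li>Buffer Overflow</li>
                <li>Cross-Site Request Forgery (CSRF)</li>
                <li>Cross-Site Scripting (XSS)</li>
                <li>Directory Traversal</li>
                <li>Double free</li>
                <li>Eval injection</li>
                <li>File Upload</li>
                <li>Format String</li>
                <li>HTTP Response Splitting</li>
              </ul>
            </div>
            <div class="col-md-4">
              <ul>
                <li>HTTP Request Splitting</li>
                <li>Incomplete blacklist</li>
                <li>Integer Overflow</li>
                <li>Integer Signedness</li>
                <li>Memory Leak</li>
                <li>Shell Metacharacter Injection</li>
                <li>Open Redirect</li>
                <li>Redirect without Exit</li>
                <li>Path Disclosure</li>
                <li>Insecure Permissions</li>
                <li>PHP remote file inclusion</li>
                <li>Session Fixation</li>
              </ul>
            </div>
            <div class="col-md-4">
              <ul>
                <li>SQL Injection</li>
                <li>Symbolic Link Following</li>
                <li>Untrusted Search Path</li>
                <li>Unquoted Windows search path</li>
                <li>Use after free</li>
                <li>Default user/password</li>
                <li>Large or infinite loop</li>
                <li>Exposed insecure/unsafe method in ActiveX control</li>
                <li>Generation of insufficiently random numbers</li>
                <li>XML External Entity (XXE)</li>
                <li>Incorrect Access Control</li>
                <li>Missing SSL certificate validation</li>
              </ul>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>

  <!-- Static help dialog: attack type definitions. -->
  <div id="attackTypeModal" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="attackTypeModalLabel">
    <div class="modal-dialog modal-lg" role="document">
      <div class="modal-content">
        <div class="modal-header">
          <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span> </button>
          <h4 class="modal-title" id="attackTypeModalLabel">Vulnerability Information</h4>
        </div>
        <div class="modal-body">
          <div class="row">
            <div class="col-sm-4" style="font-weight: bold"> Attack Type </div>
            <div class="col-sm-8" style="font-weight: bold"> Definition </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Remote </div>
            <div class="col-sm-8"> The vulnerability can be exploited through a network. The attacker may be either on the adjacent or remote network. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Local </div>
            <div class="col-sm-8"> To exploit the vulnerability, the attacker needs to be logged into the operating system on a local machine or a guest operating system. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Physical </div>
            <div class="col-sm-8"> The attacker needs to be located near the victim or have physical access to the vulnerable system to exploit the vulnerability. Examples include touching a workstation keyboard or USB device, "shoulder surfing" to see a workstation's display, and touching the screen of a mobile device. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Context-dependent </div>
            <div class="col-sm-8"> The type of access needed to exploit the vulnerability is dependent on how the vulnerable product is used. This is most often used for libraries. </div>
          </div>
        </div>
      </div>
    </div>
  </div>

  <!-- Static help dialog: update type definitions. -->
  <div id="updateTypeModal" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="updateTypeModalLabel">
    <div class="modal-dialog modal-lg" role="document">
      <div class="modal-content">
        <div class="modal-header">
          <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span> </button>
          <h4 class="modal-title" id="updateTypeModalLabel">Vulnerability Information</h4>
        </div>
        <div class="modal-body">
          <div class="row">
            <div class="col-sm-4" style="font-weight: bold"> Update Type </div>
            <div class="col-sm-8" style="font-weight: bold"> Definition </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Duplicate </div>
            <div class="col-sm-8"> More than one CVE ID has been assigned to a single vulnerability. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Rejection </div>
            <div class="col-sm-8"> Vendor rejects the assignment of a particular CVE ID. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Split/Merge </div>
            <div class="col-sm-8"> A single CVE Entry should be split into two or more CVE Entries OR Two or more existing CVE Entries should be merged into a single CVE Entry. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Update Description </div>
            <div class="col-sm-8"> Update the description in an existing CVE Entry. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Update References </div>
            <div class="col-sm-8"> Add, remove, or change a reference for an existing CVE Entry. </div>
          </div>
          <div class="row">
            <div class="col-sm-4"> Other </div>
            <div class="col-sm-8"> Any request related to an existing CVE Entry that does not fall within one of the other categories. </div>
          </div>
        </div>
      </div>
    </div>
  </div>

  <!-- Creates the progress indicator bound to the UpdateProgressMessage element; shown after 500 ms. -->
  <script type="text/javascript">
//<![CDATA[
Sys.Application.add_init(function() {
    $create(Sys.UI._UpdateProgress, {"associatedUpdatePanelId":null,"displayAfter":500,"dynamicLayout":true}, null, null, $get("UpdateProgressMessage"));
});
//]]>
  </script>
</form>
</body>
</html>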
