| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-9706 |
416 |
|
DoS |
2019-03-11 |
2019-03-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. |
|
2 |
CVE-2019-9705 |
400 |
|
DoS |
2019-03-11 |
2019-03-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. |
|
3 |
CVE-2019-7317 |
416 |
|
|
2019-02-04 |
2019-08-01 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. |
|
4 |
CVE-2019-7222 |
200 |
|
+Info |
2019-03-21 |
2019-08-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. |
|
5 |
CVE-2019-3815 |
399 |
|
|
2019-01-28 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. |
|
6 |
CVE-2019-3811 |
20 |
|
|
2019-01-15 |
2019-08-06 |
2.7 |
None |
Local Network |
Low |
Single system |
None |
None |
Partial |
|
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. |
|
7 |
CVE-2019-3500 |
532 |
|
+Info |
2019-01-02 |
2019-05-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. |
|
8 |
CVE-2018-20685 |
706 |
|
Bypass |
2019-01-10 |
2019-10-02 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
|
9 |
CVE-2018-20511 |
200 |
|
+Info |
2018-12-27 |
2019-04-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. |
|
10 |
CVE-2018-20185 |
125 |
|
DoS |
2018-12-17 |
2019-01-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
|
11 |
CVE-2018-19985 |
125 |
|
|
2019-03-21 |
2019-09-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. |
|
12 |
CVE-2018-19489 |
362 |
|
DoS |
2018-12-13 |
2019-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. |
|
13 |
CVE-2018-19364 |
416 |
|
|
2018-12-13 |
2019-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. |
|
14 |
CVE-2018-18710 |
200 |
|
+Info |
2018-10-29 |
2019-04-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. |
|
15 |
CVE-2018-18358 |
20 |
|
|
2018-12-11 |
2019-08-17 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. |
|
16 |
CVE-2018-16866 |
125 |
|
|
2019-01-11 |
2019-05-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. |
|
17 |
CVE-2018-16862 |
200 |
|
+Info |
2018-11-26 |
2019-04-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. |
|
18 |
CVE-2018-16837 |
311 |
|
|
2018-10-23 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
|
19 |
CVE-2018-15594 |
200 |
|
+Info |
2018-08-20 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. |
|
20 |
CVE-2018-15572 |
|
|
|
2018-08-19 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. |
|
21 |
CVE-2018-14662 |
732 |
|
|
2019-01-15 |
2019-10-02 |
2.7 |
None |
Local Network |
Low |
Single system |
Partial |
None |
None |
|
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. |
|
22 |
CVE-2018-13053 |
190 |
|
Overflow |
2018-07-02 |
2019-04-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. |
|
23 |
CVE-2018-12896 |
190 |
|
DoS Overflow |
2018-07-02 |
2019-04-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. |
|
24 |
CVE-2018-12893 |
|
|
DoS |
2018-07-02 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. |
|
25 |
CVE-2018-12383 |
522 |
|
|
2018-10-18 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. |
|
26 |
CVE-2018-9251 |
835 |
|
DoS |
2018-04-03 |
2019-10-02 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. |
|
27 |
CVE-2018-8754 |
125 |
|
|
2018-03-17 |
2018-08-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub. |
|
28 |
CVE-2018-5953 |
200 |
|
+Info |
2018-08-07 |
2019-04-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. |
|
29 |
CVE-2018-2790 |
|
|
|
2018-04-18 |
2019-10-02 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). |
|
30 |
CVE-2018-2641 |
|
|
|
2018-01-17 |
2019-10-02 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). |
|
31 |
CVE-2018-2629 |
|
|
|
2018-01-17 |
2019-10-02 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). |
|
32 |
CVE-2018-1118 |
200 |
|
+Info |
2018-05-10 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. |
|
33 |
CVE-2018-1106 |
287 |
|
Bypass |
2018-04-23 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. |
|
34 |
CVE-2018-1071 |
119 |
|
DoS Overflow |
2018-03-09 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. |
|
35 |
CVE-2018-1050 |
20 |
|
DoS |
2018-03-13 |
2019-04-09 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. |
|
36 |
CVE-2017-17864 |
200 |
|
+Info |
2017-12-27 |
2018-01-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." |
|
37 |
CVE-2017-17741 |
125 |
|
+Info |
2017-12-18 |
2018-04-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. |
|
38 |
CVE-2017-16611 |
59 |
|
|
2017-12-01 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. |
|
39 |
CVE-2017-15417 |
119 |
|
Overflow |
2018-08-28 |
2018-11-07 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
40 |
CVE-2017-13088 |
330 |
|
|
2017-10-17 |
2019-10-02 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
|
41 |
CVE-2017-13087 |
330 |
|
|
2017-10-17 |
2019-10-02 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
|
42 |
CVE-2017-13081 |
330 |
|
|
2017-10-17 |
2019-10-02 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
|
43 |
CVE-2017-13080 |
330 |
|
|
2017-10-17 |
2019-10-02 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
|
44 |
CVE-2017-13079 |
330 |
|
|
2017-10-17 |
2019-10-02 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
|
45 |
CVE-2017-13078 |
330 |
|
|
2017-10-17 |
2019-10-02 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
|
46 |
CVE-2017-8925 |
404 |
|
DoS |
2017-05-12 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. |
|
47 |
CVE-2017-8924 |
191 |
|
+Info |
2017-05-12 |
2019-04-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. |
|
48 |
CVE-2017-7519 |
134 |
|
|
2018-07-27 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. |
|
49 |
CVE-2017-5081 |
20 |
|
|
2017-10-27 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. |
|
50 |
CVE-2017-3539 |
|
|
|
2017-04-24 |
2019-10-02 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
|
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). |
