Publication Date:
Last Update:
Current Version: V2.1
CVSS v3.1 Base Score: 9.8
CVSS v4.0 Base Score: 9.4
Un-/Collapse All
Affected Product and Versions Remediation
  • Only build and run applications from trusted sources.

Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score 8.8
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-611: Improper Restriction of XML External Entity Reference
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score 5.7
CVSS v4.0 Vector CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVSS v3.1 Base Score 9.0
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score 9.4
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS v3.1 Base Score 7.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C
CWE CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-611: Improper Restriction of XML External Entity Reference
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-611: Improper Restriction of XML External Entity Reference
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score 6.9
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-203: Observable Discrepancy
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-209: Generation of Error Message Containing Sensitive Information
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-611: Improper Restriction of XML External Entity Reference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-427: Uncontrolled Search Path Element
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-116: Improper Encoding or Escaping of Output
CVSS v3.1 Base Score 6.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-838: Inappropriate Encoding for Output Context
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-404: Improper Resource Shutdown or Release
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-172: Encoding Error
CVSS v3.1 Base Score 4.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-668: Exposure of Resource to Wrong Sphere
CVSS v3.1 Base Score 4.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 6.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-203: Observable Discrepancy
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-331: Insufficient Entropy
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-369: Divide By Zero
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-273: Improper Check for Dropped Privileges
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-665: Improper Initialization
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-681: Incorrect Conversion between Numeric Types
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-755: Improper Handling of Exceptional Conditions
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-772: Missing Release of Resource after Effective Lifetime
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-755: Improper Handling of Exceptional Conditions
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-401: Missing Release of Memory after Effective Lifetime
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-330: Use of Insufficiently Random Values
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-195: Signed to Unsigned Conversion Error
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-427: Uncontrolled Search Path Element
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-704: Incorrect Type Conversion or Cast
CVSS v3.1 Base Score 8.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-330: Use of Insufficiently Random Values
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-665: Improper Initialization
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-290: Authentication Bypass by Spoofing
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-269: Improper Privilege Management
CVSS v3.1 Base Score 7.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-203: Observable Discrepancy
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-682: Incorrect Calculation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-427: Uncontrolled Search Path Element
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-426: Untrusted Search Path
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.2
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 4.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-763: Release of Invalid Pointer or Reference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-191: Integer Underflow (Wrap or Wraparound)
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 5.7
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 8.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-193: Off-by-one Error
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-345: Insufficient Verification of Data Authenticity
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-252: Unchecked Return Value
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-290: Authentication Bypass by Spoofing
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-668: Exposure of Resource to Wrong Sphere
CVSS v3.1 Base Score 3.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-909: Missing Initialization of Resource
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-354: Improper Validation of Integrity Check Value
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-522: Insufficiently Protected Credentials
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-706: Use of Incorrectly-Resolved Name or Reference
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-908: Use of Uninitialized Resource
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-319: Cleartext Transmission of Sensitive Information
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-345: Insufficient Verification of Data Authenticity
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-681: Incorrect Conversion between Numeric Types
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-681: Incorrect Conversion between Numeric Types
CVSS v3.1 Base Score 2.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 7.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-203: Observable Discrepancy
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-193: Off-by-one Error
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-209: Generation of Error Message Containing Sensitive Information
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-404: Improper Resource Shutdown or Release
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-326: Inadequate Encryption Strength
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-193: Off-by-one Error
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-326: Inadequate Encryption Strength
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-287: Improper Authentication
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-116: Improper Encoding or Escaping of Output
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-668: Exposure of Resource to Wrong Sphere
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-426: Untrusted Search Path
CVSS v3.1 Base Score 5.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-522: Insufficiently Protected Credentials
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-522: Insufficiently Protected Credentials
CVSS v3.1 Base Score 8.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-706: Use of Incorrectly-Resolved Name or Reference
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-918: Server-Side Request Forgery (SSRF)
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-674: Uncontrolled Recursion
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-287: Improper Authentication
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-319: Cleartext Transmission of Sensitive Information
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-276: Incorrect Default Permissions
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-440: Expected Behavior Violation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-1286: Improper Validation of Syntactic Correctness of Input
CVSS v3.1 Base Score 8.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
CWE CWE-121: Stack-based Buffer Overflow
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-129: Improper Validation of Array Index
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
CWE CWE-319: Cleartext Transmission of Sensitive Information
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-319: Cleartext Transmission of Sensitive Information
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-407: Inefficient Algorithmic Complexity
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-203: Observable Discrepancy
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 4.6
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS v3.1 Base Score 5.7
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-1333: Inefficient Regular Expression Complexity
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-834: Excessive Iteration
CVSS v3.1 Base Score 2.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE CWE-122: Heap-based Buffer Overflow
CVSS v3.1 Base Score 4.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE CWE-693: Protection Mechanism Failure
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-121: Stack-based Buffer Overflow
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE CWE-401: Missing Release of Memory after Effective Lifetime
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-203: Observable Discrepancy
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-319: Cleartext Transmission of Sensitive Information
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-319: Cleartext Transmission of Sensitive Information
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-287: Improper Authentication
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-287: Improper Authentication
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-415: Double Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-369: Divide By Zero
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CWE CWE-122: Heap-based Buffer Overflow
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-502: Deserialization of Untrusted Data
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 7.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-122: Heap-based Buffer Overflow
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-73: External Control of File Name or Path
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 6.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 3.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-311: Missing Encryption of Sensitive Data
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score 8.2
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE CWE-222: Truncation of Security-relevant Information
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE CWE-208: Observable Timing Discrepancy
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-772: Missing Release of Resource after Effective Lifetime
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C
CWE CWE-297: Improper Validation of Certificate with Host Mismatch
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE CWE-377: Insecure Temporary File
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE CWE-364: Signal Handler Race Condition
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0 Base Score 6.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE CWE-295: Improper Certificate Validation
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 5.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE CWE-248: Uncaught Exception
CVSS v3.1 Base Score 7.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C
CWE CWE-121: Stack-based Buffer Overflow
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 4.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CWE CWE-617: Reachable Assertion
CVSS v3.1 Base Score 4.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CWE CWE-466: Return of Pointer Value Outside of Expected Range
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-126: Buffer Over-read
CVSS v3.1 Base Score 7.4
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score 8.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-130: Improper Handling of Length Parameter Inconsistency
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score 7.1
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-130: Improper Handling of Length Parameter Inconsistency
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-131: Incorrect Calculation of Buffer Size
CVSS v3.1 Base Score 7.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 7.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 5.6
CVSS v4.0 Vector CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CVSS v4.0 Base Score 7.0
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
CWE CWE-787: Out-of-bounds Write

This SSA advises vulnerabilities for firmware version V3.1 only; for versions < V3.1 refer to Siemens Security Bulletin SSB-439005 (https://cert-portal.siemens.com/productcert/html/ssb-439005.html).

https://www.siemens.com/cert/advisories
V1.0 (2023-12-12): Publication Date
V1.1 (2024-01-09): Added CVE-2021-44879, CVE-2023-46218, CVE-2023-46219, and CVE-2023-48795
V1.2 (2024-02-13): Added CVE-2023-45898, CVE-2023-46862, CVE-2023-6121, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0584
V1.3 (2024-03-12): Added CVE-2023-52425, CVE-2023-52426, CVE-2023-45918
V1.4 (2024-04-09): Added CVE-2024-28757
V1.5 (2024-05-14): Added CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-2511, CVE-2024-28085, CVE-2024-28182, CVE-2024-28834, CVE-2024-28835
V1.6 (2024-06-11): Added CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-34459
V1.7 (2024-07-09): Added CVE-2024-5535, CVE-2024-5742
V1.8 (2024-08-13): Added CVE-2017-15422, CVE-2024-7264, CVE-2024-37370, CVE-2024-37371
V1.9 (2024-10-08): Added CVE-2024-6409, CVE-2024-8096, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
V2.0 (2024-11-12): Added CVE-2024-2236, CVE-2024-9143
V2.1 (2024-12-10): Added CVE-2024-50602, CVE-2024-52533