CVE-2018-9115
Published: 2018-04-04
Priority P3 · 40 · medium · 5.3 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:L
EXPLOIT
EPSS: 6.02% (92.4th percentile)
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently, e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openexr | openexr | >= 0 < 2.2.0-10ubuntu2.2 | 2.2.0-10ubuntu2.2 |
| openexr | openexr | >= 0 < 2.2.0-11.1ubuntu1.2 | 2.2.0-11.1ubuntu1.2 |
| openexr | openexr | >= 0 < 2.3.0-6ubuntu0.1 | 2.3.0-6ubuntu0.1 |
| systematicinc | sitaware | — | — |
CVSS provenance
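| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 8.8 | HIGH | — |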
GHSA
GHSA-cpwg-c993-6j33: Systematic SitaWare 6
ghsa_unreviewed·2022-05-14
CVE-2018-9115 [MEDIUM] CWE-20 GHSA-cpwg-c993-6j33: Systematic SitaWare 6
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently, e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.
OSV
openexr vulnerabilities
osv·2020-04-27·CVSS 8.8
CVE-2017-9111 openexr vulnerabilities
Brandon Perry discovered that OpenEXR incorrectly handled certain malformed
EXR image files. If a user were tricked into opening a crafted EXR image
file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS.
(CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)
Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code. This issue only applied to Ubuntu 20.04 LTS.
(CVE-2018-18444)
Samuel Groß discovered that OpenEXR incorrectly handled certain malformed
EXR image files. If a user were tricked into opening a crafted EXR i
No detection rules found.
No writeups or analysis indexed.
Published: 2018-04-04