CVE-2019-12132
Published 2020-03-18
Priority: P258 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.46% (70.4th percentile)
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm3 | 2.23-0ubuntu11.3+esm3 |
| onap | open_network_automation_platform | >= 3.0.0 < 4.0.0 | 4.0.0 |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 5.9 MEDIUM
OSV
glibc vulnerabilities
osv·2022-12-08·CVSS 5.9
CVE-2016-10228 glibc vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618)
It was discovered that the GNU C Library did not properly handle DNS
responses when EDNS0 is enabled. An attacker could possibly use this issue
to cause fragmentation-based attacks. (CVE-2017-12132)
GHSA
GHSA-67pr-9x6c-9829: An issue was discovered in ONAP SDNC before Dublin
ghsa_unreviewed·2022-05-24
CVE-2019-12132 [HIGH] GHSA-67pr-9x6c-9829: An issue was discovered in ONAP SDNC before Dublin
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-03-18
Published