var-200505-0310
Vulnerability from variot
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
I have published advisories for 4 security vulnerabilities in Mac OS
X that were addressed by Apple Security Update 2005-005, released
today. http://docs.info.apple.com/article.html?artnum=301528.
This email contains brief summaries of the problems. Full details can
be found on my web site http://remahl.se/david/vuln/.
Description: help: URI handler execution of JavaScripts with known
paths vulnerability
My name: DR004 http://remahl.se/david/vuln/004/
CVE: CAN-2005-1337 [yes, cool, isn't it ;-)]
Summary: The Help Viewer application allows JavaScript and is thus
vulnerable to having scripts with arbitrary paths run with the
privileges granted to file: protocol URIs. The files can be started
with a URI on the form of help:///path/to/file.html. Combined with
XMLHttpRequest's ability to disclose arbitrary files, this security
bug becomes critical.
Description: Invisible characters in applescript: URL protocol
messaging vulnerability
My name: DR010 http://remahl.se/david/vuln/010/
CVE: CAN-2005-1331
Summary: URL Protocol Messaging is a technique used by Script Editor
to facilitate sharing of AppleScripts between users. By clicking a
link (for example in a web forum), a user can create a new Script
Editor document automatically, with text from the query string of the
URI. This avoids problems with copying text from the web or manually
typing code snippets. However, the technique can be used to trick
users into running dangerous code (with embedded control characters),
since insufficient input validation is performed. Using
escape sequences and social engineering attacks it is in some cases
possible to trick the user into performing arbitrary commands.
I would like to acknowledge the willingness of Apple's Product
Security team to cooperate with me in resolving these issues. CERT's
assistance has also been helpful.
/ Regards, David Remahl
ID: VAR-200505-0310
CVE: CVE-2005-1342
Title: Apple Terminal fails to properly sanitize input for "x-man-page" URI (source: CERT/CC VU#356070; trust 0.8)
Type: input validation (source: CNNVD CNNVD-200505-910; trust 0.6)
Threat type: remote (source: CNNVD CNNVD-200505-910; trust 0.6)
Problem type: NVD-CWE-Other (source: NVD CVE-2005-1342; trust 1.0)
Credits: David Remahl, vuln@remahl.se (source: CNNVD CNNVD-200505-910; trust 0.6)
IoT: true (source: VULHUB VHN-12551; trust 0.01)
Last update date: 2024-09-19T21:30:45.308000Z
Description sources: NVD CVE-2005-1342, CERT/CC VU#356070, BID 13502, VULHUB VHN-12551, PACKETSTORM 38718 (trust 2.07)

CVSS v2:
- nvd@nist.gov, CVE-2005-1342: base score 7.5, severity HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, exploitability score 10.0, impact score 6.4 (trust 1.0)
- VULHUB, VHN-12551: base score 7.5, severity HIGH, vector AV:N/AC:L/AU:N/C:P/I:P/A:P, exploitability score 10.0, impact score 6.4 (trust 0.1)

CVSS v3: none

Severity:
- nvd@nist.gov, CVE-2005-1342: HIGH (trust 1.0)
- CARNEGIE MELLON, VU#356070: 22.31 (trust 0.8)
- CNNVD, CNNVD-200505-910: HIGH (trust 0.6)
- VULHUB, VHN-12551: HIGH (trust 0.1)

Affected products (sources: CERT/CC VU#356070, BID 13502, CNNVD CNNVD-200505-910, NVD CVE-2005-1342):
- apple mac os x, versions 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9 (scope eq; trust 1.6)
- apple terminal, version 1.4.4 (scope eq; trust 1.0)
- apple computer, no model or version given (trust 0.8)
- apple mac os server, versions x10.3, x10.3.1, x10.3.2, x10.3.3, x10.3.4, x10.3.5, x10.3.6, x10.3.7, x10.3.8, x10.3.9 (scope eq; trust 0.3)
- apple mac os, versions x10.3, x10.3.1, x10.3.2, x10.3.3, x10.3.4, x10.3.5, x10.3.6, x10.3.7, x10.3.8, x10.3.9 (scope eq; trust 0.3)

External IDs:
- OSVDB 16084 (trust 2.5)
- SECUNIA 15227 (trust 2.5)
- CERT/CC VU#356070 (trust 2.5)
- NVD CVE-2005-1342 (trust 2.1)
- BID 13480 (trust 1.7)
- USCERT TA05-136A (trust 1.7)
- VUPEN ADV-2005-0455 (trust 1.7)
- BID 13502 (trust 1.2)
- CNNVD CNNVD-200505-910 (trust 0.7)
- CERT/CC TA05-136A (trust 0.6)
- APPLE APPLE-SA-2005-05-03 (trust 0.6)
- VULHUB VHN-12551 (trust 0.1)
- PACKETSTORM 38718 (trust 0.1)

References:
- http://remahl.se/david/vuln/011/ (trust 2.8)
- http://lists.apple.com/archives/security-announce/2005/may/msg00001.html (trust 1.7)
- http://www.securityfocus.com/bid/13480 (trust 1.7)
- http://www.us-cert.gov/cas/techalerts/ta05-136a.html (trust 1.7)
- http://www.kb.cert.org/vuls/id/356070 (trust 1.7)
- http://www.osvdb.org/16084 (trust 1.7)
- http://secunia.com/advisories/15227 (trust 1.7)
- http://www.vupen.com/english/advisories/2005/0455 (trust 1.1)
- http://docs.info.apple.com/article.html?artnum=301528 (trust 0.8)
- http://secunia.com/advisories/15227/ (trust 0.8)
- http://www.securityfocus.com/bid/13502/ (trust 0.8)
- http://www.osvdb.org/displayvuln.php?osvdb_id=16084 (trust 0.8)
- http://www.frsirt.com/english/advisories/2005/0455 (trust 0.6)
- http://www.apple.com (trust 0.3)
- /archive/1/397489 (trust 0.3)
- http://remahl.se/david/vuln/010/ (trust 0.1)
- http://remahl.se/david/vuln/012/ (trust 0.1)
- http://remahl.se/david/vuln/004/ (trust 0.1)
- http://remahl.se/david/vuln/ (trust 0.1)
- https://nvd.nist.gov/vuln/detail/cve-2005-1342 (trust 0.1)
- https://nvd.nist.gov/vuln/detail/cve-2005-1341 (trust 0.1)
- https://nvd.nist.gov/vuln/detail/cve-2005-1331 (trust 0.1)
- https://nvd.nist.gov/vuln/detail/cve-2005-1337 (trust 0.1)

Sources: CERT/CC VU#356070, VULHUB VHN-12551, BID 13502, PACKETSTORM 38718, CNNVD CNNVD-200505-910, NVD CVE-2005-1342

Source release dates:
- CERT/CC VU#356070: 2005-05-06T00:00:00
- VULHUB VHN-12551: 2005-05-04T00:00:00
- BID 13502: 2005-05-03T00:00:00
- PACKETSTORM 38718: 2005-07-15T06:39:33
- CNNVD CNNVD-200505-910: 2005-05-04T00:00:00
- NVD CVE-2005-1342: 2005-05-04T04:00:00

Source update dates:
- CERT/CC VU#356070: 2005-05-16T00:00:00
- VULHUB VHN-12551: 2011-03-08T00:00:00
- BID 13502: 2009-07-12T14:06:00
- CNNVD CNNVD-200505-910: 2005-10-20T00:00:00
- NVD CVE-2005-1342: 2011-03-08T02:21:38.847000