CVE-2015-3446
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2015-3446
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
AlienVault Unified Security Management 远程代码执行漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AlienVault Unified Security Management(USM)是美国AlienVault公司的一套提供了安全监控、安全事件管理和报告、威胁感知系统等功能的安全管理平台。Framework Daemon是其中的一套框架守护进程。 AlienVault USM 4.15之前版本的Framework Daemon中存在安全漏洞。远程攻击者可借助特制的插件配置文件(.cfg)利用该漏洞执行任意Python代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2015-3446
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2015-3446
请登录查看更多情报信息。
- http://www.zerodayinitiative.com/advisories/ZDI-15-161/x_refsource_MISC
- https://www.alienvault.com/forums/discussion/4415/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2015-3446
Same Patch Batch · n/a · 2015-05-01 · 18 CVEs total
| CVE-2015-3633 | 多款Foxit产品资源管理错误漏洞 | |
| CVE-2014-8361 | Realtek SDK 输入验证错误 | |
| CVE-2015-1250 | Google Chrome 拒绝服务漏洞 | |
| CVE-2015-1243 | Google Chrome Blink 释放后重用漏洞 | |
| CVE-2015-0914 | EasyCTF 安全漏洞 | |
| CVE-2015-0913 | EasyCTF 跨站脚本漏洞 | |
| CVE-2015-0912 | EasyCTF 安全漏洞 | |
| CVE-2015-0712 | Cisco ASR 5000 StarOS 资源管理错误漏洞 | |
| CVE-2015-0532 | EMC RSA Identity Management and Governance 权限许可和访问控制漏洞 | |
| CVE-2014-3598 | Python Image Library Jpeg2KImagePlugin插件资源管理错误漏洞 | |
| CVE-2015-3632 | 多款Foxit产品拒绝服务漏洞 | |
| CVE-2015-3435 | Samsung Security Manager 远程代码执行漏洞 | |
| CVE-2015-3337 | Elasticsearch 路径遍历漏洞 | |
| CVE-2015-3153 | Haxx cURL和Libcurl 信息泄露漏洞 | |
| CVE-2015-2248 | Dell SonicWALL Secure Remote Access 跨站请求伪造漏洞 | |
| CVE-2015-0257 | Red Hat Enterprise Virtualization Manager 权限许可和访问控制问题漏洞 | |
| CVE-2015-0237 | Red Hat Enterprise Virtualization Manager 权限许可和访问控制问题漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2015-3446
No comments yet