Mycroft Core 0.9.4

CPE Details

Mycroft Core 0.9.4
mycroft
mycroft-core
0.9.4
2019-09-17
14h12 +00:00
2019-09-17
14h12 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mycroft:mycroft-core:0.9.4:*:*:*:*:*:*:*

Informations

Vendor

mycroft

Product

mycroft-core

Version

0.9.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-1000621 2018-07-09 20h00 +00:00 Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs - Mark 1 and Picroft unaffected. This attack appear to be exploitable remote access to the unsecured websocket server. This vulnerability appears to have been fixed in No fix currently available.
8.1
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.