Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by cmu
CVE-2026-35467 (GCVE-0-2026-35467)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:27 – Updated: 2026-04-03 13:51
VLAI
Title
Private Key stored as extractable in browser IndexeDB
Summary
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CERT/CC | cveClient/encrypt-storage.js |
Affected:
0 , < 1.1.15
(server)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-35467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:50:34.898716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:51:22.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cveClient/encrypt-storage.js",
"vendor": "CERT/CC",
"versions": [
{
"lessThan": "1.1.15",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerry Gamblin (https://github.com/jgamblin)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T20:27:27.792Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Github PR to fix the issue",
"url": "https://github.com/CERTCC/cveClient/pull/39"
},
{
"name": "Github Repository of the project.",
"url": "https://github.com/CERTCC/cveClient/"
}
],
"title": "Private Key stored as extractable in browser IndexeDB",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-35467",
"datePublished": "2026-04-02T20:27:27.792Z",
"dateReserved": "2026-04-02T20:09:50.057Z",
"dateUpdated": "2026-04-03T13:51:22.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35466 (GCVE-0-2026-35466)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:20 – Updated: 2026-04-03 13:55
VLAI
Title
Stored XSS via unsanitized input from remote service
Summary
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CERT/CC | cveClient/cveInterface.js |
Affected:
0 , < 1.0.24
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-35466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:54:50.933767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:55:40.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cveClient/cveInterface.js",
"vendor": "CERT/CC",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerry Gamblin (https://github.com/jgamblin)"
}
],
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T20:30:00.719Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Patch PR",
"url": "https://github.com/CERTCC/cveClient/pull/37"
},
{
"name": "GitHub Repository",
"url": "https://github.com/CERTCC/cveClient"
}
],
"title": "Stored XSS via unsanitized input from remote service",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-35466",
"datePublished": "2026-04-02T20:20:35.304Z",
"dateReserved": "2026-04-02T20:09:50.057Z",
"dateUpdated": "2026-04-03T13:55:40.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22188 (GCVE-0-2026-22188)
Vulnerability from cvelistv5 – Published: 2026-01-07 20:26 – Updated: 2026-05-26 11:51
VLAI
Title
Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()
Summary
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2026/Jan/9 | technical-descriptionexploit |
| https://www.panda3d.org/ | product |
| https://github.com/panda3d/panda3d | product |
| https://www.vulncheck.com/advisories/panda3d-depl… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22188",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T21:23:03.715506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:23:15.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Panda3D",
"repo": "https://github.com/panda3d/panda3d",
"vendor": "Panda3D",
"versions": [
{
"lessThanOrEqual": "1.10.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.10.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ron Edgerson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior."
}
],
"value": "The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:55.520Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2026/Jan/9"
},
{
"tags": [
"product"
],
"url": "https://www.panda3d.org/"
},
{
"tags": [
"product"
],
"url": "https://github.com/panda3d/panda3d"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Panda3D \u003c= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22188",
"datePublished": "2026-01-07T20:26:13.360Z",
"dateReserved": "2026-01-06T16:47:17.183Z",
"dateUpdated": "2026-05-26T11:51:55.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22190 (GCVE-0-2026-22190)
Vulnerability from cvelistv5 – Published: 2026-01-07 20:25 – Updated: 2026-05-26 11:51
VLAI
Title
Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure
Summary
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2026/Jan/11 | technical-descriptionexploit |
| https://www.panda3d.org/ | product |
| https://github.com/panda3d/panda3d | product |
| https://www.vulncheck.com/advisories/panda3d-egg-… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22190",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T21:22:11.055323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:22:26.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Panda3D",
"repo": "https://github.com/panda3d/panda3d",
"vendor": "Panda3D",
"versions": [
{
"lessThanOrEqual": "1.10.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.10.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ron Edgerson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values."
}
],
"value": "The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:56.911Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2026/Jan/11"
},
{
"tags": [
"product"
],
"url": "https://www.panda3d.org/"
},
{
"tags": [
"product"
],
"url": "https://github.com/panda3d/panda3d"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Panda3D \u003c= 1.10.16 egg-mkfont Format String Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22190",
"datePublished": "2026-01-07T20:25:56.205Z",
"dateReserved": "2026-01-06T16:47:17.183Z",
"dateUpdated": "2026-05-26T11:51:56.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22189 (GCVE-0-2026-22189)
Vulnerability from cvelistv5 – Published: 2026-01-07 20:25 – Updated: 2026-05-26 11:51
VLAI
Title
Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow
Summary
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2026/Jan/10 | technical-descriptionexploit |
| https://www.panda3d.org/ | product |
| https://github.com/panda3d/panda3d | product |
| https://www.vulncheck.com/advisories/panda3d-egg-… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22189",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T21:21:11.467323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:21:35.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Panda3D",
"repo": "https://github.com/panda3d/panda3d",
"vendor": "Panda3D",
"versions": [
{
"lessThanOrEqual": "1.10.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.10.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ron Edgerson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution."
}
],
"value": "The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:56.219Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2026/Jan/10"
},
{
"tags": [
"product"
],
"url": "https://www.panda3d.org/"
},
{
"tags": [
"product"
],
"url": "https://github.com/panda3d/panda3d"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Panda3D \u003c= 1.10.16 egg-mkfont Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22189",
"datePublished": "2026-01-07T20:25:37.702Z",
"dateReserved": "2026-01-06T16:47:17.183Z",
"dateUpdated": "2026-05-26T11:51:56.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27092 (GCVE-0-2025-27092)
Vulnerability from cvelistv5 – Published: 2025-02-19 22:16 – Updated: 2025-02-20 16:52
VLAI
Title
Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint
Summary
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability exists in the /api/npcs/{id}/photo endpoint, which is designed to serve profile photos for NPCs (Non-Player Characters) but fails to properly validate and sanitize file paths. When an NPC is created with a specially crafted photoLink value containing path traversal sequences (../, ..\, etc.), the application processes these sequences without proper sanitization. This allows an attacker to traverse directory structures and access files outside of the intended photo directory, potentially exposing sensitive system files. The vulnerability is particularly severe because it allows reading arbitrary files from the server's filesystem with the permissions of the web application process, which could include configuration files, credentials, or other sensitive data. This issue has been addressed in version 8.2.7.90 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cmu-sei/GHOSTS/security/adviso… | x_refsource_CONFIRM |
| https://github.com/cmu-sei/GHOSTS/commit/e6982755… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27092",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:52:24.961261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:52:40.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GHOSTS",
"vendor": "cmu-sei",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.2.7.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability exists in the /api/npcs/{id}/photo endpoint, which is designed to serve profile photos for NPCs (Non-Player Characters) but fails to properly validate and sanitize file paths. When an NPC is created with a specially crafted photoLink value containing path traversal sequences (../, ..\\, etc.), the application processes these sequences without proper sanitization. This allows an attacker to traverse directory structures and access files outside of the intended photo directory, potentially exposing sensitive system files. The vulnerability is particularly severe because it allows reading arbitrary files from the server\u0027s filesystem with the permissions of the web application process, which could include configuration files, credentials, or other sensitive data. This issue has been addressed in version 8.2.7.90 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T22:16:56.207Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cmu-sei/GHOSTS/security/advisories/GHSA-qr67-m6w9-wj3j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cmu-sei/GHOSTS/security/advisories/GHSA-qr67-m6w9-wj3j"
},
{
"name": "https://github.com/cmu-sei/GHOSTS/commit/e69827556a52ff813de00e1017c4b62598d2c887",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cmu-sei/GHOSTS/commit/e69827556a52ff813de00e1017c4b62598d2c887"
}
],
"source": {
"advisory": "GHSA-qr67-m6w9-wj3j",
"discovery": "UNKNOWN"
},
"title": "Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27092",
"datePublished": "2025-02-19T22:16:56.207Z",
"dateReserved": "2025-02-18T16:44:48.764Z",
"dateUpdated": "2025-02-20T16:52:40.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31506 (GCVE-0-2022-31506)
Vulnerability from cvelistv5 – Published: 2022-07-11 00:54 – Updated: 2024-08-03 07:19
VLAI
Summary
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/github/securitylab/issues/669#… | x_refsource_MISC |
| https://github.com/cmusatyalab/opendiamond/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/github/securitylab/issues/669#issuecomment-1117265726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cmusatyalab/opendiamond/commit/398049c187ee644beabab44d6fece82251c1ea56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:54:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/github/securitylab/issues/669#issuecomment-1117265726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cmusatyalab/opendiamond/commit/398049c187ee644beabab44d6fece82251c1ea56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/github/securitylab/issues/669#issuecomment-1117265726",
"refsource": "MISC",
"url": "https://github.com/github/securitylab/issues/669#issuecomment-1117265726"
},
{
"name": "https://github.com/cmusatyalab/opendiamond/commit/398049c187ee644beabab44d6fece82251c1ea56",
"refsource": "MISC",
"url": "https://github.com/cmusatyalab/opendiamond/commit/398049c187ee644beabab44d6fece82251c1ea56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31506",
"datePublished": "2022-07-11T00:54:01.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7723 (GCVE-0-2014-7723)
Vulnerability from cvelistv5 – Published: 2014-10-21 10:00 – Updated: 2024-08-06 12:56
VLAI
Summary
The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/582497 | third-party-advisoryx_refsource_CERT-VN |
| https://docs.google.com/spreadsheets/d/1t5GXwjw82… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/727609 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2014-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:56:12.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#727609",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/727609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-21T07:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#727609",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/727609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#727609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/727609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-7723",
"datePublished": "2014-10-21T10:00:00.000Z",
"dateReserved": "2014-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:56:12.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0027 (GCVE-0-2014-0027)
Vulnerability from cvelistv5 – Published: 2014-01-26 01:00 – Updated: 2024-08-06 08:58
VLAI
Summary
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/64791 | vdb-entryx_refsource_BID |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.osvdb.org/101948 | vdb-entryx_refsource_OSVDB |
| https://bugzilla.redhat.com/show_bug.cgi?id=1048678 | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q1/59 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2014-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-0579",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html"
},
{
"name": "64791",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64791"
},
{
"name": "MDVSA-2014:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:032"
},
{
"name": "101948",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/101948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048678"
},
{
"name": "[oss-security] 20140110 temporary file issue in flite",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/59"
},
{
"name": "FEDORA-2014-0574",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-18T17:57:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2014-0579",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html"
},
{
"name": "64791",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64791"
},
{
"name": "MDVSA-2014:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:032"
},
{
"name": "101948",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/101948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048678"
},
{
"name": "[oss-security] 20140110 temporary file issue in flite",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/59"
},
{
"name": "FEDORA-2014-0574",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0027",
"datePublished": "2014-01-26T01:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:58:26.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4122 (GCVE-0-2013-4122)
Vulnerability from cvelistv5 – Published: 2013-10-27 00:00 – Updated: 2024-08-06 16:30
VLAI
Summary
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://git.cyrusimap.org/cyrus-sasl/commit/?id=de… | x_refsource_CONFIRM |
| https://www.linuxquestions.org/questions/slackwar… | x_refsource_MISC |
| http://security.gentoo.org/glsa/glsa-201309-01.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2755-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2013/07/15/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2013/07/13/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2013/07/12/6 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2013/07/12/3 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3368 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2013-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/"
},
{
"name": "GLSA-201309-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-01.xml"
},
{
"name": "USN-2755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2755-1"
},
{
"name": "[oss-security] 20130715 Re: CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/1"
},
{
"name": "[oss-security] 20130713 Re: CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/13/1"
},
{
"name": "[oss-security] 20130712 Re: CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/12/6"
},
{
"name": "[oss-security] 20130712 CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/12/3"
},
{
"name": "DSA-3368",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/"
},
{
"name": "GLSA-201309-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-01.xml"
},
{
"name": "USN-2755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2755-1"
},
{
"name": "[oss-security] 20130715 Re: CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/1"
},
{
"name": "[oss-security] 20130713 Re: CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/13/1"
},
{
"name": "[oss-security] 20130712 Re: CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/12/6"
},
{
"name": "[oss-security] 20130712 CVE request: Cyrus-sasl NULL ptr. dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/12/3"
},
{
"name": "DSA-3368",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3368"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4122",
"datePublished": "2013-10-27T00:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:50.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3208 (GCVE-0-2011-3208)
Vulnerability from cvelistv5 – Published: 2011-09-14 17:00 – Updated: 2024-08-06 23:29
VLAI
Summary
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2011-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2011:1034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/11723935"
},
{
"name": "46064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
},
{
"name": "49534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49534"
},
{
"name": "75307",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75307"
},
{
"name": "openSUSE-SU-2011:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
},
{
"name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
},
{
"name": "45975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45975"
},
{
"name": "cyrus-splitwildmats-bo(69679)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
},
{
"name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
},
{
"name": "RHSA-2011:1317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
},
{
"name": "45938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45938"
},
{
"name": "MDVSA-2011:149",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
},
{
"name": "DSA-2318",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
},
{
"name": "1026031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2011:1034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/11723935"
},
{
"name": "46064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
},
{
"name": "49534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49534"
},
{
"name": "75307",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75307"
},
{
"name": "openSUSE-SU-2011:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
},
{
"name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
},
{
"name": "45975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45975"
},
{
"name": "cyrus-splitwildmats-bo(69679)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
},
{
"name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
},
{
"name": "RHSA-2011:1317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
},
{
"name": "45938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45938"
},
{
"name": "MDVSA-2011:149",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
},
{
"name": "DSA-2318",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
},
{
"name": "1026031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:1034",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/11723935"
},
{
"name": "46064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46064"
},
{
"name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd",
"refsource": "CONFIRM",
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
},
{
"name": "49534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49534"
},
{
"name": "75307",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75307"
},
{
"name": "openSUSE-SU-2011:1036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
},
{
"name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
"refsource": "MLIST",
"url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
},
{
"name": "45975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45975"
},
{
"name": "cyrus-splitwildmats-bo(69679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
},
{
"name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
"refsource": "MLIST",
"url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
},
{
"name": "RHSA-2011:1317",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
},
{
"name": "45938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45938"
},
{
"name": "MDVSA-2011:149",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=734926",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
},
{
"name": "DSA-2318",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2318"
},
{
"name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d",
"refsource": "CONFIRM",
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
},
{
"name": "1026031",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3208",
"datePublished": "2011-09-14T17:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3481 (GCVE-0-2011-3481)
Vulnerability from cvelistv5 – Published: 2011-09-14 17:00 – Updated: 2024-08-06 23:37
VLAI
Summary
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://git.cyrusimap.org/cyrus-imapd/commit/?id=6… | x_refsource_CONFIRM |
| http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463 | x_refsource_CONFIRM |
| http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.redhat.com/support/errata/RHSA-2011-15… | vendor-advisoryx_refsource_REDHAT |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2011-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
},
{
"name": "cyrus-imap-indexgetids-dos(69842)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
},
{
"name": "RHSA-2011:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
},
{
"name": "MDVSA-2012:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
},
{
"name": "cyrus-imap-indexgetids-dos(69842)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
},
{
"name": "RHSA-2011:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
},
{
"name": "MDVSA-2012:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5",
"refsource": "CONFIRM",
"url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
},
{
"name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463",
"refsource": "CONFIRM",
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
},
{
"name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772",
"refsource": "CONFIRM",
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
},
{
"name": "cyrus-imap-indexgetids-dos(69842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
},
{
"name": "RHSA-2011:1508",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
},
{
"name": "MDVSA-2012:037",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3481",
"datePublished": "2011-09-14T17:00:00.000Z",
"dateReserved": "2011-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1926 (GCVE-0-2011-1926)
Vulnerability from cvelistv5 – Published: 2011-05-23 22:00 – Updated: 2024-08-06 22:46
VLAI
Summary
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2011-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0859.html"
},
{
"name": "FEDORA-2011-7217",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html"
},
{
"name": "DSA-2258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php"
},
{
"name": "MDVSA-2011:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:100"
},
{
"name": "FEDORA-2011-7193",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html"
},
{
"name": "1025625",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423"
},
{
"name": "DSA-2242",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2242"
},
{
"name": "44876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44876"
},
{
"name": "[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/17/2"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "44928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44928"
},
{
"name": "44913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
},
{
"name": "44670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705288"
},
{
"name": "cyrus-starttls-command-exec(67867)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162"
},
{
"name": "[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/05/17/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0859.html"
},
{
"name": "FEDORA-2011-7217",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html"
},
{
"name": "DSA-2258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php"
},
{
"name": "MDVSA-2011:100",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:100"
},
{
"name": "FEDORA-2011-7193",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html"
},
{
"name": "1025625",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423"
},
{
"name": "DSA-2242",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2242"
},
{
"name": "44876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44876"
},
{
"name": "[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/17/2"
},
{
"name": "VU#555316",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "44928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44928"
},
{
"name": "44913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
},
{
"name": "44670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705288"
},
{
"name": "cyrus-starttls-command-exec(67867)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162"
},
{
"name": "[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/05/17/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1926",
"datePublished": "2011-05-23T22:00:00.000Z",
"dateReserved": "2011-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:46:00.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2632 (GCVE-0-2009-2632)
Vulnerability from cvelistv5 – Published: 2009-09-08 23:00 – Updated: 2024-08-07 05:59
VLAI
Summary
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2009-09-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36377"
},
{
"name": "DSA-1881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1881"
},
{
"name": "36713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36713"
},
{
"name": "[Cyrus-CVS] 20090902 src/sieve by brong",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
},
{
"name": "36629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
},
{
"name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[Cyrus-CVS] 20090902 src/sieve by brong",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
},
{
"name": "36632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36632"
},
{
"name": "USN-838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-838-1"
},
{
"name": "58103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "36904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36904"
},
{
"name": "36698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36698"
},
{
"name": "36296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36296"
},
{
"name": "ADV-2009-2641",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2641"
},
{
"name": "ADV-2009-2559",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2559"
},
{
"name": "FEDORA-2009-9559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
},
{
"name": "oval:org.mitre.oval:def:10082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
},
{
"name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "36377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36377"
},
{
"name": "DSA-1881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1881"
},
{
"name": "36713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36713"
},
{
"name": "[Cyrus-CVS] 20090902 src/sieve by brong",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
},
{
"name": "36629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
},
{
"name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[Cyrus-CVS] 20090902 src/sieve by brong",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
},
{
"name": "36632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36632"
},
{
"name": "USN-838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-838-1"
},
{
"name": "58103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "36904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36904"
},
{
"name": "36698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36698"
},
{
"name": "36296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36296"
},
{
"name": "ADV-2009-2641",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2641"
},
{
"name": "ADV-2009-2559",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2559"
},
{
"name": "FEDORA-2009-9559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
},
{
"name": "oval:org.mitre.oval:def:10082",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
},
{
"name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-2632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36377"
},
{
"name": "DSA-1881",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1881"
},
{
"name": "36713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36713"
},
{
"name": "[Cyrus-CVS] 20090902 src/sieve by brong",
"refsource": "MLIST",
"url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
},
{
"name": "36629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36629"
},
{
"name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail",
"refsource": "CONFIRM",
"url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
},
{
"name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
"refsource": "MLIST",
"url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[Cyrus-CVS] 20090902 src/sieve by brong",
"refsource": "MLIST",
"url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
},
{
"name": "36632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36632"
},
{
"name": "USN-838-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-838-1"
},
{
"name": "58103",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58103"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "SUSE-SR:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "36904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36904"
},
{
"name": "36698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36698"
},
{
"name": "36296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36296"
},
{
"name": "ADV-2009-2641",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2641"
},
{
"name": "ADV-2009-2559",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2559"
},
{
"name": "FEDORA-2009-9559",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
},
{
"name": "oval:org.mitre.oval:def:10082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
},
{
"name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-2632",
"datePublished": "2009-09-08T23:00:00.000Z",
"dateReserved": "2009-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:59:56.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0663 (GCVE-0-2009-0663)
Vulnerability from cvelistv5 – Published: 2009-04-30 20:00 – Updated: 2024-08-07 04:40
VLAI
Summary
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2009-10… | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/34755 | vdb-entryx_refsource_BID |
| http://security.debian.org/pool/updates/main/libd… | x_refsource_CONFIRM |
| https://launchpad.net/bugs/cve/2009-0663 | x_refsource_MISC |
| http://secunia.com/advisories/34909 | third-party-advisoryx_refsource_SECUNIA |
| http://www.redhat.com/support/errata/RHSA-2009-04… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/35685 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.debian.org/security/2009/dsa-1780 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/35058 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:1067",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
},
{
"name": "libdbdpgperl-unspecified-bo(50467)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467"
},
{
"name": "34755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/cve/2009-0663"
},
{
"name": "34909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34909"
},
{
"name": "RHSA-2009:0479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "oval:org.mitre.oval:def:9499",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"
},
{
"name": "DSA-1780",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1780"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2009:1067",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
},
{
"name": "libdbdpgperl-unspecified-bo(50467)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467"
},
{
"name": "34755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/cve/2009-0663"
},
{
"name": "34909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34909"
},
{
"name": "RHSA-2009:0479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "oval:org.mitre.oval:def:9499",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"
},
{
"name": "DSA-1780",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1780"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1067",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html"
},
{
"name": "libdbdpgperl-unspecified-bo(50467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467"
},
{
"name": "34755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34755"
},
{
"name": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz"
},
{
"name": "https://launchpad.net/bugs/cve/2009-0663",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/cve/2009-0663"
},
{
"name": "34909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34909"
},
{
"name": "RHSA-2009:0479",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "oval:org.mitre.oval:def:9499",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499"
},
{
"name": "DSA-1780",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1780"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0663",
"datePublished": "2009-04-30T20:00:00.000Z",
"dateReserved": "2009-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:05.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0799 (GCVE-0-1999-0799)
Vulnerability from cvelistv5 – Published: 2000-04-18 04:00 – Updated: 2024-08-01 16:48
VLAI
Summary
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T07:58:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0799",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0799",
"datePublished": "2000-04-18T04:00:00.000Z",
"dateReserved": "1999-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:48:37.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}