Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2012-AVI-479
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :
- Java Runtime Environment (JRE) ;
- OpenSSL ;
- le noyau ;
- Perl ;
- libxml2 ;
- glibc ;
- GnuTLS ;
- popt et rpm ;
- Apache struts.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
VMware | N/A | VMware ESX version 4.1 ; | ||
VMware | N/A | VMware vCO version 4.0. | ||
VMware | N/A | VMware vCenter version 5.0 ; | ||
VMware | N/A | VMware vCOps version 1.0.x ; | ||
VMware | ESXi | VMware ESXi version 3.5 ; | ||
VMware | N/A | VMware Update Manager version 5.0 ; | ||
VMware | N/A | VMware Update Manager version 4.0 ; | ||
VMware | N/A | VMware vCO version 4.1 ; | ||
VMware | ESXi | VMware ESXi version 4.1 ; | ||
VMware | N/A | VMware vCenter version 4.0 ; | ||
VMware | N/A | VMware vCenter version 4.1 ; | ||
VMware | N/A | VMware vCOps version 5.0.2 ; | ||
VMware | ESXi | VMware ESXi version 4.0 ; | ||
VMware | N/A | VMware VirtualCenter version 2.5 ; | ||
VMware | N/A | VMware Update Manager version 4.1 ; | ||
VMware | ESXi | VMware ESXi version 5.0 ; | ||
VMware | N/A | VMware ESX version 4.0 ; | ||
VMware | N/A | VMware ESX version 3.5 ; |
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "VMware ESX version 4.1 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCO version 4.0.", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCenter version 5.0 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCOps version 1.0.x ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware ESXi version 3.5 ;", "product": { "name": "ESXi", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware Update Manager version 5.0 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware Update Manager version 4.0 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCO version 4.1 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware ESXi version 4.1 ;", "product": { "name": "ESXi", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCenter version 4.0 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCenter version 4.1 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware vCOps version 5.0.2 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware ESXi version 4.0 ;", "product": { "name": "ESXi", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware VirtualCenter version 2.5 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware Update Manager version 4.1 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware ESXi version 5.0 ;", "product": { "name": "ESXi", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware ESX version 4.0 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } }, { "description": "VMware ESX version 3.5 ;", "product": { "name": "N/A", "vendor": { "name": "VMware", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2011-1833", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1833" }, { "name": "CVE-2012-0050", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050" }, { "name": "CVE-2011-4132", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4132" }, { "name": "CVE-2011-4609", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609" }, { "name": "CVE-2012-0207", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207" }, { "name": "CVE-2011-5057", "url": "https://www.cve.org/CVERecord?id=CVE-2011-5057" }, { "name": "CVE-2010-4252", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252" }, { "name": "CVE-2011-4619", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619" }, { "name": "CVE-2012-2110", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110" }, { "name": "CVE-2011-4576", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576" }, { "name": "CVE-2011-2496", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2496" }, { "name": "CVE-2009-5064", "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064" }, { "name": "CVE-2011-4577", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577" }, { "name": "CVE-2009-5029", "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029" }, { "name": "CVE-2012-1569", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1569" }, { "name": "CVE-2011-4324", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4324" }, { "name": "CVE-2011-4110", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4110" }, { "name": "CVE-2011-4108", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108" }, { "name": "CVE-2012-1583", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1583" }, { "name": "CVE-2010-2761", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761" }, { "name": "CVE-2012-0060", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0060" }, { "name": "CVE-2012-0391", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0391" }, { "name": "CVE-2011-4325", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4325" }, { "name": "CVE-2010-0830", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830" }, { "name": "CVE-2012-0061", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0061" }, { "name": "CVE-2010-4180", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180" }, { "name": "CVE-2012-0864", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864" }, { "name": "CVE-2011-3209", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3209" }, { "name": "CVE-2010-4410", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410" }, { "name": "CVE-2012-0392", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0392" }, { "name": "CVE-2012-0394", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0394" }, { "name": "CVE-2012-0815", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0815" }, { "name": "CVE-2011-3188", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3188" }, { "name": "CVE-2011-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1020" }, { "name": "CVE-2011-4109", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109" }, { "name": "CVE-2012-1573", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1573" }, { "name": "CVE-2011-4128", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4128" }, { "name": "CVE-2012-0841", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841" }, { "name": "CVE-2011-2484", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2484" }, { "name": "CVE-2012-0393", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0393" }, { "name": "CVE-2011-3597", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597" }, { "name": "CVE-2011-3363", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3363" }, { "name": "CVE-2011-2699", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2699" }, { "name": "CVE-2011-0014", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014" }, { "name": "CVE-2011-1089", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089" } ], "initial_release_date": "2012-09-03T00:00:00", "last_revision_date": "2012-09-03T00:00:00", "links": [], "reference": "CERTA-2012-AVI-479", "revisions": [ { "description": "version initiale.", "revision_date": "2012-09-03T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n- Java Runtime Environment (JRE) ;\n- OpenSSL ;\n- le noyau ;\n- Perl ;\n- libxml2 ;\n- glibc ;\n- GnuTLS ;\n- popt et rpm ;\n- Apache struts.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012", "url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html" } ] }
CVE-2011-4132 (GCVE-0-2011-4132)
Vulnerability from cvelistv5
Published
2012-01-27 15:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2012:0554", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8762202dd0d6e46854f786bdb6fb3780a1625efe" }, { "name": "48898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48898" }, { "name": "1026325", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1026325" }, { "name": "50663", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50663" }, { "name": "[oss-security] 20111111 CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/11/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=753341" }, { "name": "[oss-security] 20111113 Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/13/4" }, { "name": "SUSE-SU-2015:0812", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an \"invalid log first block value.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2012:0554", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8762202dd0d6e46854f786bdb6fb3780a1625efe" }, { "name": "48898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48898" }, { "name": "1026325", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1026325" }, { "name": "50663", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50663" }, { "name": "[oss-security] 20111111 CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/11/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=753341" }, { "name": "[oss-security] 20111113 Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/13/4" }, { "name": "SUSE-SU-2015:0812", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4132", "datePublished": "2012-01-27T15:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:51.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4609 (GCVE-0-2011-4609)
Vulnerability from cvelistv5
Published
2013-05-02 14:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
References
URL | Tags | ||||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-02T14:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4609", "datePublished": "2013-05-02T14:00:00Z", "dateReserved": "2011-11-29T00:00:00Z", "dateUpdated": "2024-08-07T00:09:19.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0841 (GCVE-0-2012-0841)
Vulnerability from cvelistv5
Published
2012-12-21 02:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-10-22-8", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "name": "SUSE-SU-2013:1627", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { "name": "RHSA-2012:0324", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0324.html" }, { "name": "[oss-security] 20120222 libxml2: hash table collisions CPU usage DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/22/1" }, { "name": "RHSA-2013:0217", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xmlsoft.org/news.html" }, { "name": "1026723", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1026723" }, { "name": "54886", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54886" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5934" }, { "name": "DSA-2417", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2417" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of" }, { "name": "55568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55568" }, { "name": "52107", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52107" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "name": "APPLE-SA-2013-09-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2013-10-22-8", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "name": "SUSE-SU-2013:1627", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { "name": "RHSA-2012:0324", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0324.html" }, { "name": "[oss-security] 20120222 libxml2: hash table collisions CPU usage DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/22/1" }, { "name": "RHSA-2013:0217", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xmlsoft.org/news.html" }, { "name": "1026723", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1026723" }, { "name": "54886", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54886" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5934" }, { "name": "DSA-2417", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2417" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of" }, { "name": "55568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55568" }, { "name": "52107", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52107" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "name": "APPLE-SA-2013-09-18-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0841", "datePublished": "2012-12-21T02:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0061 (GCVE-0-2012-0061)
Vulnerability from cvelistv5
Published
2012-06-04 20:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026882" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48716" }, { "name": "81010", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81010" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b" }, { "name": "48651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "52865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52865" }, { "name": "USN-1695-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49110" }, { "name": "FEDORA-2012-5420", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "rpm-headerload-code-execution(74583)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583" }, { "name": "openSUSE-SU-2012:0589", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14441362" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026882" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48716" }, { "name": "81010", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81010" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b" }, { "name": "48651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "52865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52865" }, { "name": "USN-1695-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49110" }, { "name": "FEDORA-2012-5420", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "rpm-headerload-code-execution(74583)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583" }, { "name": "openSUSE-SU-2012:0589", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14441362" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026882" }, { "name": "http://rpm.org/wiki/Releases/4.9.1.3", "refsource": "CONFIRM", "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48716" }, { "name": "81010", "refsource": "OSVDB", "url": "http://www.osvdb.org/81010" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=798585", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585" }, { "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b", "refsource": "CONFIRM", "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b" }, { "name": "48651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "52865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52865" }, { "name": "USN-1695-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49110" }, { "name": "FEDORA-2012-5420", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "rpm-headerload-code-execution(74583)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583" }, { "name": "openSUSE-SU-2012:0589", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14441362" }, { "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6", "refsource": "CONFIRM", "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0061", "datePublished": "2012-06-04T20:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:09:17.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2110 (GCVE-0-2012-2110)
Vulnerability from cvelistv5
Published
2012-04-19 17:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:07.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48942" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48942" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2012:0623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "http://cvs.openssl.org/chngview?cn=22434", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2454" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48847" }, { "name": "http://cvs.openssl.org/chngview?cn=22439", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578", "refsource": "CONFIRM", "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48942" }, { "name": "http://www.openssl.org/news/secadv_20120419.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "name": "http://cvs.openssl.org/chngview?cn=22431", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "refsource": "OSVDB", "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "name": "https://kb.juniper.net/KB27376", "refsource": "CONFIRM", "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2110", "datePublished": "2012-04-19T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4324 (GCVE-0-2011-4324)
Vulnerability from cvelistv5
Published
2012-06-21 23:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dc0b027dfadfcb8a5504f7d8052754bf8d501ab9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29" }, { "name": "[oss-security] 20120206 Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/06/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755440" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/dc0b027dfadfcb8a5504f7d8052754bf8d501ab9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-21T23:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dc0b027dfadfcb8a5504f7d8052754bf8d501ab9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29" }, { "name": "[oss-security] 20120206 Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/06/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755440" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/dc0b027dfadfcb8a5504f7d8052754bf8d501ab9" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4324", "datePublished": "2012-06-21T23:00:00Z", "dateReserved": "2011-11-04T00:00:00Z", "dateUpdated": "2024-08-07T00:01:51.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4108 (GCVE-0-2011-4108)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:49.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2011-4108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-17T16:03:43", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.paloaltonetworks.com/CVE-2011-4108" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4108", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:49.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4619 (GCVE-0-2011-4619)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4619", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:19.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2484 (GCVE-0-2011-2484)
Vulnerability from cvelistv5
Published
2011-06-24 20:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:34.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48383" }, { "name": "[oss-security] 20110622 Re: CVE request: kernel: taskstats local DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/06/22/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715436" }, { "name": "[linux-kernel] 20110616 [PATCH] taskstats: don\u0027t allow duplicate entries in listener mode", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.openwall.net/linux-kernel/2011/06/16/605" }, { "name": "kernel-taskstats-dos(68150)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68150" }, { "name": "[oss-security] 20110622 CVE request: kernel: taskstats local DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/06/22/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48383" }, { "name": "[oss-security] 20110622 Re: CVE request: kernel: taskstats local DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/06/22/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=715436" }, { "name": "[linux-kernel] 20110616 [PATCH] taskstats: don\u0027t allow duplicate entries in listener mode", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.openwall.net/linux-kernel/2011/06/16/605" }, { "name": "kernel-taskstats-dos(68150)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68150" }, { "name": "[oss-security] 20110622 CVE request: kernel: taskstats local DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/06/22/1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2484", "datePublished": "2011-06-24T20:00:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1573 (GCVE-0-2012-1573)
Vulnerability from cvelistv5
Published
2012-03-26 19:00
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:01.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "[gnutls-devel] 20120302 gnutls 3.0.15", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" }, { "name": "48511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48511" }, { "name": "80259", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/80259" }, { "name": "52667", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52667" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48488" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "1026828", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026828" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "FEDORA-2012-4578", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "name": "[gnutls-devel] 20120302 gnutls 2.12.16", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "name": "DSA-2441", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2441" }, { "name": "MDVSA-2012:040", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "[gnutls-devel] 20120302 gnutls 3.0.15", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" }, { "name": "48511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48511" }, { "name": "80259", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/80259" }, { "name": "52667", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52667" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48488" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "1026828", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026828" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "FEDORA-2012-4578", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "name": "[gnutls-devel] 20120302 gnutls 2.12.16", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "name": "DSA-2441", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2441" }, { "name": "MDVSA-2012:040", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1418-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "[gnutls-devel] 20120302 gnutls 3.0.15", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=805432", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" }, { "name": "48511", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48511" }, { "name": "80259", "refsource": "OSVDB", "url": "http://osvdb.org/80259" }, { "name": "52667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52667" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48488" }, { "name": "48712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48712" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "1026828", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026828" }, { "name": "FEDORA-2012-4569", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "FEDORA-2012-4578", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "48596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48596" }, { "name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", "refsource": "MISC", "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d" }, { "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" }, { "name": "[gnutls-devel] 20120302 gnutls 2.12.16", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" }, { "name": "DSA-2441", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2441" }, { "name": "MDVSA-2012:040", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" }, { "name": "RHSA-2012:0429", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1573", "datePublished": "2012-03-26T19:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:01.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4576 (GCVE-0-2011-4576)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "55069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55069" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "55069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55069" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4576", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:19.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1020 (GCVE-0-2011-1020)
Vulnerability from cvelistv5
Published
2011-02-28 15:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "kernel-procpid-security-bypass(65693)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65693" }, { "name": "8107", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8107" }, { "name": "43496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43496" }, { "name": "[oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/18" }, { "name": "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/7/466" }, { "name": "[oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/25/2" }, { "name": "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/7/414" }, { "name": "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/10/21" }, { "name": "46567", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46567" }, { "name": "[linux-kernel] 20110207 [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/7/368" }, { "name": "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/9/417" }, { "name": "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/7/474" }, { "name": "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/2/7/404" }, { "name": "20110122 Proc filesystem and SUID-Binaries", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2011/Jan/421" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "kernel-procpid-security-bypass(65693)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65693" }, { "name": "8107", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8107" }, { "name": "43496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43496" }, { "name": "[oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/18" }, { "name": "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/7/466" }, { "name": "[oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/25/2" }, { "name": "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/7/414" }, { "name": "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/10/21" }, { "name": "46567", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46567" }, { "name": "[linux-kernel] 20110207 [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/7/368" }, { "name": "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/9/417" }, { "name": "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/7/474" }, { "name": "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/2/7/404" }, { "name": "20110122 Proc filesystem and SUID-Binaries", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2011/Jan/421" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1020", "datePublished": "2011-02-28T15:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:27.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2761 (GCVE-0-2010-2761)
Vulnerability from cvelistv5
Published
2010-12-06 20:00
Modified
2024-08-07 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:46:47.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" }, { "name": "RHSA-2011:1797", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "FEDORA-2011-0653", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" }, { "name": "43068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43068" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/2" }, { "name": "69588", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69588" }, { "name": "43165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43165" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/3" }, { "name": "ADV-2011-0212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.bugzilla.org/security/3.2.9/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464" }, { "name": "FEDORA-2011-0741", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "ADV-2011-0271", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0271" }, { "name": "43033", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43033" }, { "name": "ADV-2011-0207", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0207" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42877" }, { "name": "SUSE-SR:2011:002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" }, { "name": "ADV-2011-0249", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0249" }, { "name": "FEDORA-2011-0755", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" }, { "name": "MDVSA-2010:250", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" }, { "name": "MDVSA-2010:237", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" }, { "name": "69589", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69589" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" }, { "name": "FEDORA-2011-0631", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "43147", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" }, { "name": "RHSA-2011:1797", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "FEDORA-2011-0653", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" }, { "name": "43068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43068" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/2" }, { "name": "69588", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69588" }, { "name": "43165", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43165" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/3" }, { "name": "ADV-2011-0212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.bugzilla.org/security/3.2.9/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464" }, { "name": "FEDORA-2011-0741", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "ADV-2011-0271", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0271" }, { "name": "43033", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43033" }, { "name": "ADV-2011-0207", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0207" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42877" }, { "name": "SUSE-SR:2011:002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" }, { "name": "ADV-2011-0249", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0249" }, { "name": "FEDORA-2011-0755", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" }, { "name": "MDVSA-2010:250", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" }, { "name": "MDVSA-2010:237", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" }, { "name": "69589", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69589" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" }, { "name": "FEDORA-2011-0631", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "43147", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" }, { "name": "RHSA-2011:1797", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "name": "SUSE-SR:2011:001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "FEDORA-2011-0653", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" }, { "name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/01/2" }, { "name": "69588", "refsource": "OSVDB", "url": "http://osvdb.org/69588" }, { "name": "43165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43165" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/01/3" }, { "name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165" }, { "name": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380", "refsource": "CONFIRM", "url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380" }, { "name": "http://www.bugzilla.org/security/3.2.9/", "refsource": "CONFIRM", "url": "http://www.bugzilla.org/security/3.2.9/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464" }, { "name": "FEDORA-2011-0741", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" }, { "name": "SUSE-SR:2011:005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "ADV-2011-0271", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0271" }, { "name": "43033", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43033" }, { "name": "ADV-2011-0207", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0207" }, { "name": "42877", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42877" }, { "name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "name": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" }, { "name": "ADV-2011-0249", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0249" }, { "name": "FEDORA-2011-0755", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" }, { "name": "MDVSA-2010:250", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250" }, { "name": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html", "refsource": "CONFIRM", "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" }, { "name": "MDVSA-2010:237", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" }, { "name": "69589", "refsource": "OSVDB", "url": "http://osvdb.org/69589" }, { "name": "ADV-2011-0076", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/01/1" }, { "name": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" }, { "name": "FEDORA-2011-0631", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "43147", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43147" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2761", "datePublished": "2010-12-06T20:00:00", "dateReserved": "2010-07-14T00:00:00", "dateUpdated": "2024-08-07T02:46:47.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4180 (GCVE-0-2010-4180)
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "1024822", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42473", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42473" }, { "name": "42571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42571" }, { "name": "43170", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43170" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2011-0268", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "42493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42493" }, { "name": "43173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43173" }, { "name": "FEDORA-2010-18765", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "43171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43171" }, { "name": "42620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42620" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "USN-1029-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "FEDORA-2010-18736", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "43169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43172" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "45164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "69565", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69565" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42469" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42877" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "RHSA-2010:0977", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "ADV-2010-3134", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "ADV-2010-3188", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "oval:org.mitre.oval:def:18910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "RHSA-2010:0978", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44269" }, { "name": "RHSA-2011:0896", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "MDVSA-2010:248", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "RHSA-2010:0979", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42811" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SR:2011:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" }, { "name": "1024822", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1024822" }, { "name": "42473", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42473" }, { "name": "42571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42571" }, { "name": "43170", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43170" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "ADV-2011-0268", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0268" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "SUSE-SU-2011:0847", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "name": "42493", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42493" }, { "name": "43173", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43173" }, { "name": "FEDORA-2010-18765", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html" }, { "name": "ADV-2011-0032", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "name": "openSUSE-SU-2011:0845", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "name": "43171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43171" }, { "name": "42620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42620" }, { "name": "SSRT100817", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "USN-1029-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1029-1" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "FEDORA-2010-18736", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "name": "43169", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43169" }, { "name": "43172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43172" }, { "name": "HPSBHF02706", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "45164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45164" }, { "name": "69565", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69565" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42469" }, { "name": "HPSBMU02759", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "42877", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42877" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=20131" }, { "name": "RHSA-2010:0977", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "ADV-2010-3134", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3134" }, { "name": "ADV-2010-3188", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3188" }, { "name": "oval:org.mitre.oval:def:18910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "ADV-2011-0076", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "RHSA-2010:0978", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44269" }, { "name": "RHSA-2011:0896", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "name": "DSA-2141", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100613", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "MDVSA-2010:248", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248" }, { "name": "RHSA-2010:0979", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA53\u0026actp=LIST" }, { "name": "42811", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42811" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4180", "datePublished": "2010-12-06T21:00:00", "dateReserved": "2010-11-04T00:00:00", "dateUpdated": "2024-08-07T03:34:37.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0392 (GCVE-0-2012-0392)
Vulnerability from cvelistv5
Published
2012-01-08 15:00
Modified
2024-09-16 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:30.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "[dailydave] 20120106 Apache Struts", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html" }, { "name": "47393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47393" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-01-08T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "[dailydave] 20120106 Apache Struts", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html" }, { "name": "47393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47393" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18329", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "name": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "refsource": "CONFIRM", "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "name": "http://struts.apache.org/2.x/docs/s2-008.html", "refsource": "CONFIRM", "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "name": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "[dailydave] 20120106 Apache Struts", "refsource": "MLIST", "url": "https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html" }, { "name": "47393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47393" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0392", "datePublished": "2012-01-08T15:00:00Z", "dateReserved": "2012-01-08T00:00:00Z", "dateUpdated": "2024-09-16T22:20:33.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3188 (GCVE-0-2011-3188)
Vulnerability from cvelistv5
Published
2012-05-24 23:00
Modified
2024-08-06 23:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:22:27.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f" }, { "name": "[oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" }, { "name": "HPSBGN02970", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K15301?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-18T23:06:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f" }, { "name": "[oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" }, { "name": "HPSBGN02970", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K15301?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3188", "datePublished": "2012-05-24T23:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:22:27.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1833 (GCVE-0-2011-1833)
Vulnerability from cvelistv5
Published
2012-10-03 10:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:26.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97" }, { "name": "SUSE-SU-2011:0898", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731172" }, { "name": "USN-1188-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1188-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-06T14:57:00", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97" }, { "name": "SUSE-SU-2011:0898", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=764355487ea220fdc2faf128d577d7f679b91f97" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731172" }, { "name": "USN-1188-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1188-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2011-1833", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97" }, { "name": "SUSE-SU-2011:0898", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" }, { "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=731172", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731172" }, { "name": "USN-1188-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1188-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2011-1833", "datePublished": "2012-10-03T10:00:00", "dateReserved": "2011-04-27T00:00:00", "dateUpdated": "2024-08-06T22:37:26.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2496 (GCVE-0-2011-2496)
Vulnerability from cvelistv5
Published
2012-06-13 10:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:34.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716538" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" }, { "name": "[oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-13T10:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716538" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" }, { "name": "[oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2496", "datePublished": "2012-06-13T10:00:00Z", "dateReserved": "2011-06-15T00:00:00Z", "dateUpdated": "2024-08-06T23:00:34.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4128 (GCVE-0-2011-4128)
Vulnerability from cvelistv5
Published
2011-12-08 20:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "name": "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "name": "MDVSA-2012:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "name": "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "name": "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1418-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "name": "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "name": "48712", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48712" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "FEDORA-2012-4569", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commitdiff%3Bh=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "name": "MDVSA-2012:045", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "name": "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "name": "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "name": "RHSA-2012:0429", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4128", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1418-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1418-1" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450" }, { "name": "[oss-security] 20111108 CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/11/09/2" }, { "name": "48712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48712" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "FEDORA-2012-4569", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=752308", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752308" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48596" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c" }, { "name": "MDVSA-2012:045", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:045" }, { "name": "[gnutls-devel] 20111108 Possible buffer overflow on gnutls_session_get_data", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596" }, { "name": "[oss-security] 20111109 Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/11/09/4" }, { "name": "RHSA-2012:0429", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4128", "datePublished": "2011-12-08T20:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:51.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1569 (GCVE-0-2012-1569)
Vulnerability from cvelistv5
Published
2012-03-26 19:00
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0427", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "name": "48578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48578" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "49002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49002" }, { "name": "FEDORA-2012-4357", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48488" }, { "name": "USN-1436-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "name": "FEDORA-2012-4342", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "name": "FEDORA-2012-4451", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "FEDORA-2012-4308", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "[gnutls-devel] 20120316 gnutls 3.0.16", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "name": "1026829", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48596" }, { "name": "50739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50739" }, { "name": "48397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48397" }, { "name": "48505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48505" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "name": "[help-libtasn1] 20120319 minimal fix to security issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "name": "DSA-2440", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2440" }, { "name": "MDVSA-2012:039", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "name": "FEDORA-2012-4409", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "name": "FEDORA-2012-4417", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0427", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "name": "48578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48578" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "49002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49002" }, { "name": "FEDORA-2012-4357", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48488" }, { "name": "USN-1436-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "name": "FEDORA-2012-4342", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "name": "FEDORA-2012-4451", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gnu.org/software/gnutls/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "FEDORA-2012-4308", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "[gnutls-devel] 20120316 gnutls 3.0.16", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "name": "1026829", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "48596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48596" }, { "name": "50739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50739" }, { "name": "48397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48397" }, { "name": "48505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48505" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "name": "[help-libtasn1] 20120319 minimal fix to security issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "name": "DSA-2440", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2440" }, { "name": "MDVSA-2012:039", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "name": "FEDORA-2012-4409", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "name": "FEDORA-2012-4417", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57260" }, { "name": "RHSA-2012:0427", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0427.html" }, { "name": "48578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48578" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "49002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49002" }, { "name": "FEDORA-2012-4357", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html" }, { "name": "[oss-security] 20120320 Re: CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/8" }, { "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" }, { "name": "48488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48488" }, { "name": "USN-1436-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1436-1" }, { "name": "FEDORA-2012-4342", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html" }, { "name": "FEDORA-2012-4451", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html" }, { "name": "http://www.gnu.org/software/gnutls/security.html", "refsource": "CONFIRM", "url": "http://www.gnu.org/software/gnutls/security.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=804920", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=804920" }, { "name": "RHSA-2012:0488", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "FEDORA-2012-4308", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html" }, { "name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "[gnutls-devel] 20120316 gnutls 3.0.16", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932" }, { "name": "1026829", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026829" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" }, { "name": "48596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48596" }, { "name": "50739", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50739" }, { "name": "48397", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48397" }, { "name": "48505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48505" }, { "name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", "refsource": "MISC", "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" }, { "name": "[help-libtasn1] 20120319 GNU Libtasn1 2.12 released", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53" }, { "name": "[help-libtasn1] 20120319 minimal fix to security issue", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54" }, { "name": "[oss-security] 20120320 CVE request: libtasn1 \"asn1_get_length_der()\" DER decoding issue", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/20/3" }, { "name": "DSA-2440", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2440" }, { "name": "MDVSA-2012:039", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:039" }, { "name": "FEDORA-2012-4409", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html" }, { "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" }, { "name": "FEDORA-2012-4417", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1569", "datePublished": "2012-03-26T19:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4325 (GCVE-0-2011-4325)
Vulnerability from cvelistv5
Published
2012-01-27 15:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "linux-kernel-nfs-dos(72297)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72297" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755455" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=1ae88b2e4" }, { "name": "51366", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51366" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "linux-kernel-nfs-dos(72297)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72297" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755455" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=1ae88b2e4" }, { "name": "51366", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51366" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4325", "datePublished": "2012-01-27T15:00:00", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:01:51.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-5057 (GCVE-0-2011-5057)
Vulnerability from cvelistv5
Published
2012-01-08 17:00
Modified
2024-08-07 00:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/WW-3631" }, { "name": "47109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/WW-2264" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://codesecure.blogspot.com/2011/12/struts-2-session-tampering-via.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an \"easy work-around in existing apps by configuring the interceptor.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-12T20:45:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/WW-3631" }, { "name": "47109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/WW-2264" }, { "tags": [ "x_refsource_MISC" ], "url": "http://codesecure.blogspot.com/2011/12/struts-2-session-tampering-via.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5057", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an \"easy work-around in existing apps by configuring the interceptor.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.apache.org/jira/browse/WW-3631", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/WW-3631" }, { "name": "47109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47109" }, { "name": "https://issues.apache.org/jira/browse/WW-2264", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/WW-2264" }, { "name": "http://codesecure.blogspot.com/2011/12/struts-2-session-tampering-via.html", "refsource": "MISC", "url": "http://codesecure.blogspot.com/2011/12/struts-2-session-tampering-via.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5057", "datePublished": "2012-01-08T17:00:00", "dateReserved": "2012-01-08T00:00:00", "dateUpdated": "2024-08-07T00:23:39.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1089 (GCVE-0-2011-1089)
Vulnerability from cvelistv5
Published
2011-04-10 01:29
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/14/5" }, { "name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12625" }, { "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/22/6" }, { "name": "46740", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46740" }, { "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/22/4" }, { "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/05/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980" }, { "name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/9" }, { "name": "MDVSA-2011:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" }, { "name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/2" }, { "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/10" }, { "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/14/16" }, { "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/31/4" }, { "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/12" }, { "name": "MDVSA-2011:179", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179" }, { "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/14/7" }, { "name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/11" }, { "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/05/3" }, { "name": "RHSA-2011:1526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html" }, { "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/31/3" }, { "name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/15/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-01-19T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/14/5" }, { "name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/9" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12625" }, { "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/22/6" }, { "name": "46740", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46740" }, { "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/22/4" }, { "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/05/7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980" }, { "name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/9" }, { "name": "MDVSA-2011:178", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" }, { "name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/2" }, { "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/10" }, { "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/14/16" }, { "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/31/4" }, { "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/12" }, { "name": "MDVSA-2011:179", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179" }, { "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/14/7" }, { "name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/04/11" }, { "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/05/3" }, { "name": "RHSA-2011:1526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html" }, { "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/31/3" }, { "name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/15/6" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1089", "datePublished": "2011-04-10T01:29:00", "dateReserved": "2011-02-24T00:00:00", "dateUpdated": "2024-08-06T22:14:27.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0391 (GCVE-0-2012-0391)
Vulnerability from cvelistv5
Published
2012-01-08 15:00
Modified
2025-07-30 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:31.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/WW-3668" }, { "name": "47393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47393" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2012-0391", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T20:07:52.407977Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-01-21", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:47:01.000Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2022-01-21T00:00:00+00:00", "value": "CVE-2012-0391 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-01-08T15:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/WW-3668" }, { "name": "47393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47393" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18329", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "name": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "refsource": "CONFIRM", "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "name": "http://struts.apache.org/2.x/docs/s2-008.html", "refsource": "CONFIRM", "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "name": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "https://issues.apache.org/jira/browse/WW-3668", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/WW-3668" }, { "name": "47393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47393" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0391", "datePublished": "2012-01-08T15:00:00.000Z", "dateReserved": "2012-01-08T00:00:00.000Z", "dateUpdated": "2025-07-30T01:47:01.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-5064 (GCVE-0-2009-5064)
Vulnerability from cvelistv5
Published
2011-03-30 22:00
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:24:54.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/7" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/7" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://reverse.lostrealm.com/protect/ldd.html" }, { "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/" }, { "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/2" }, { "name": "[oss-security] 20110307 ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/13" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/1" }, { "name": "RHSA-2011:1526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-01-19T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/7" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/7" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/3" }, { "tags": [ "x_refsource_MISC" ], "url": "http://reverse.lostrealm.com/protect/ldd.html" }, { "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/10" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/" }, { "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/2" }, { "name": "[oss-security] 20110307 ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/07/13" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/08/1" }, { "name": "RHSA-2011:1526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5064", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/7" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/10" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682998", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682998" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/7" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/3" }, { "name": "http://reverse.lostrealm.com/protect/ldd.html", "refsource": "MISC", "url": "http://reverse.lostrealm.com/protect/ldd.html" }, { "name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/10" }, { "name": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/", "refsource": "MISC", "url": "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/" }, { "name": "[oss-security] 20110307 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/2" }, { "name": "[oss-security] 20110307 ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/07/13" }, { "name": "[oss-security] 20110308 Re: ldd can execute an app unexpectedly", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/08/1" }, { "name": "RHSA-2011:1526", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1526.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531160", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531160" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5064", "datePublished": "2011-03-30T22:00:00", "dateReserved": "2011-03-30T00:00:00", "dateUpdated": "2024-08-07T07:24:54.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1583 (GCVE-0-2012-1583)
Vulnerability from cvelistv5
Published
2012-06-16 21:00
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0772b70faaf8e9f2013b6c4273d94d5eac8047a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752304" }, { "name": "1026930", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026930" }, { "name": "53139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53139" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48881" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d0772b70faaf8e9f2013b6c4273d94d5eac8047a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752304" }, { "name": "1026930", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026930" }, { "name": "53139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53139" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "48881", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48881" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1583", "datePublished": "2012-06-16T21:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2699 (GCVE-0-2011-2699)
Vulnerability from cvelistv5
Published
2012-05-24 23:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027274", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027274" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c" }, { "name": "[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/20/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1027274", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027274" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c" }, { "name": "[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/07/20/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2699", "datePublished": "2012-05-24T23:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0060 (GCVE-0-2012-0060)
Vulnerability from cvelistv5
Published
2012-06-04 20:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026882" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48716" }, { "name": "81010", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81010" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858" }, { "name": "48651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190" }, { "name": "52865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29" }, { "name": "USN-1695-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49110" }, { "name": "rpm-loadsigverify-code-execution(74582)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582" }, { "name": "FEDORA-2012-5420", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "openSUSE-SU-2012:0589", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14441362" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026882" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48716" }, { "name": "81010", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81010" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858" }, { "name": "48651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190" }, { "name": "52865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29" }, { "name": "USN-1695-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49110" }, { "name": "rpm-loadsigverify-code-execution(74582)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582" }, { "name": "FEDORA-2012-5420", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "openSUSE-SU-2012:0589", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14441362" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0060", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026882" }, { "name": "http://rpm.org/wiki/Releases/4.9.1.3", "refsource": "CONFIRM", "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48716" }, { "name": "81010", "refsource": "OSVDB", "url": "http://www.osvdb.org/81010" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=744858", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858" }, { "name": "48651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190", "refsource": "CONFIRM", "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190" }, { "name": "52865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52865" }, { "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29", "refsource": "CONFIRM", "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29" }, { "name": "USN-1695-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49110" }, { "name": "rpm-loadsigverify-code-execution(74582)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582" }, { "name": "FEDORA-2012-5420", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "openSUSE-SU-2012:0589", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14441362" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0060", "datePublished": "2012-06-04T20:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:09:17.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4109 (GCVE-0-2011-4109)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:50.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "openssl-policy-checks-dos(72129)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "openssl-policy-checks-dos(72129)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4109", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:50.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4577 (GCVE-0-2011-4577)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4577", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:18.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0207 (GCVE-0-2012-0207)
Vulnerability from cvelistv5
Published
2012-05-17 10:00
Modified
2024-09-16 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:20.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867" }, { "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-05-17T10:00:00Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867" }, { "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2012-0207", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876" }, { "name": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b" }, { "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1" }, { "name": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772867", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867" }, { "name": "[oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5" }, { "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2012-0207", "datePublished": "2012-05-17T10:00:00Z", "dateReserved": "2011-12-14T00:00:00Z", "dateUpdated": "2024-09-16T19:41:17.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4410 (GCVE-0-2010-4410)
Vulnerability from cvelistv5
Published
2010-12-06 20:00
Modified
2024-08-07 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:43:14.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" }, { "name": "RHSA-2011:1797", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "name": "FEDORA-2011-0653", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" }, { "name": "43068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43068" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/2" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/3" }, { "name": "ADV-2011-0212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "MDVSA-2010:252", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:252" }, { "name": "44199", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/44199" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=658970" }, { "name": "SUSE-SR:2011:002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" }, { "name": "ADV-2010-3230", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3230" }, { "name": "ADV-2011-0249", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0249" }, { "name": "45145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45145" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" }, { "name": "MDVSA-2010:237", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" }, { "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" }, { "name": "FEDORA-2011-0631", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "43147", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43147" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" }, { "name": "RHSA-2011:1797", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "name": "FEDORA-2011-0653", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" }, { "name": "43068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43068" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/2" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/3" }, { "name": "ADV-2011-0212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "MDVSA-2010:252", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:252" }, { "name": "44199", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/44199" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=658970" }, { "name": "SUSE-SR:2011:002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" }, { "name": "ADV-2010-3230", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3230" }, { "name": "ADV-2011-0249", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0249" }, { "name": "45145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45145" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" }, { "name": "MDVSA-2010:237", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" }, { "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/12/01/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" }, { "name": "FEDORA-2011-0631", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "43147", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43147" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" }, { "name": "RHSA-2011:1797", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "name": "FEDORA-2011-0653", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" }, { "name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/01/2" }, { "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/01/3" }, { "name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "MDVSA-2010:252", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:252" }, { "name": "44199", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44199" }, { "name": "SUSE-SR:2011:005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=658970", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=658970" }, { "name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "name": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" }, { "name": "ADV-2010-3230", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3230" }, { "name": "ADV-2011-0249", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0249" }, { "name": "45145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45145" }, { "name": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html", "refsource": "CONFIRM", "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" }, { "name": "MDVSA-2010:237", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" }, { "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/12/01/1" }, { "name": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" }, { "name": "FEDORA-2011-0631", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "43147", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43147" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4410", "datePublished": "2010-12-06T20:00:00", "dateReserved": "2010-12-06T00:00:00", "dateUpdated": "2024-08-07T03:43:14.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0830 (GCVE-0-2010-0830)
Vulnerability from cvelistv5
Published
2010-06-01 20:00
Modified
2024-08-07 00:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:39.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:111", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" }, { "name": "GLSA-201011-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" }, { "name": "ADV-2010-1246", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1246" }, { "name": "USN-944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-944-1" }, { "name": "39900", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39900" }, { "name": "SUSE-SA:2010:052", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" }, { "name": "40063", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40063" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=db07e962b6ea963dbb345439f6ab9b0cf74d87c5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://frugalware.org/security/662" }, { "name": "MDVSA-2010:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" }, { "name": "DSA-2058", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2058" }, { "name": "glibc-elf-code-execution(58915)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915" }, { "name": "1024044", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024044" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "MDVSA-2010:111", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" }, { "name": "GLSA-201011-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" }, { "name": "ADV-2010-1246", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1246" }, { "name": "USN-944-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-944-1" }, { "name": "39900", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39900" }, { "name": "SUSE-SA:2010:052", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" }, { "name": "40063", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40063" }, { "tags": [ "x_refsource_MISC" ], "url": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=db07e962b6ea963dbb345439f6ab9b0cf74d87c5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://frugalware.org/security/662" }, { "name": "MDVSA-2010:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" }, { "name": "DSA-2058", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2058" }, { "name": "glibc-elf-code-execution(58915)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915" }, { "name": "1024044", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024044" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2010-0830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2010:111", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" }, { "name": "GLSA-201011-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" }, { "name": "ADV-2010-1246", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1246" }, { "name": "USN-944-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-944-1" }, { "name": "39900", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39900" }, { "name": "SUSE-SA:2010:052", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" }, { "name": "40063", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40063" }, { "name": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html", "refsource": "MISC", "url": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html" }, { "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5", "refsource": "CONFIRM", "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5" }, { "name": "http://frugalware.org/security/662", "refsource": "CONFIRM", "url": "http://frugalware.org/security/662" }, { "name": "MDVSA-2010:112", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" }, { "name": "DSA-2058", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2058" }, { "name": "glibc-elf-code-execution(58915)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915" }, { "name": "1024044", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024044" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2010-0830", "datePublished": "2010-06-01T20:00:00", "dateReserved": "2010-03-03T00:00:00", "dateUpdated": "2024-08-07T00:59:39.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4252 (GCVE-0-2010-4252)
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "oval:org.mitre.oval:def:19039", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=20098" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42469" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "45163", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45163" }, { "name": "1024823", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024823" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/seb-m/jpake" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSA:2010-340-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668471" }, { "name": "oval:org.mitre.oval:def:19039", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039" }, { "name": "ADV-2010-3120", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3120" }, { "name": "ADV-2010-3122", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3122" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=20098" }, { "name": "42469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42469" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "45163", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45163" }, { "name": "1024823", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024823" }, { "name": "HPSBUX02638", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20101202.txt" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "SSRT100339", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/seb-m/jpake" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=659297" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4252", "datePublished": "2010-12-06T21:00:00", "dateReserved": "2010-11-16T00:00:00", "dateUpdated": "2024-08-07T03:34:37.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3363 (GCVE-0-2011-3363)
Vulnerability from cvelistv5
Published
2012-05-24 23:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110914 Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/09/14/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70945643722ffeac779d2529a348f99567fa5c33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-05-24T23:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110914 Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/09/14/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70945643722ffeac779d2529a348f99567fa5c33" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3363", "datePublished": "2012-05-24T23:00:00Z", "dateReserved": "2011-08-30T00:00:00Z", "dateUpdated": "2024-08-06T23:29:56.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4110 (GCVE-0-2011-4110)
Vulnerability from cvelistv5
Published
2012-01-27 15:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:50.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[linux-kernel] 20111115 [PATCH] KEYS: Fix a NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2011/11/15/363" }, { "name": "50755", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50755" }, { "name": "USN-1328-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1328-1" }, { "name": "USN-1344-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1344-1" }, { "name": "[oss-security] 20111122 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/22/5" }, { "name": "[oss-security] 20111121 CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/21/19" }, { "name": "USN-1324-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1324-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751297" }, { "name": "47754", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47754" }, { "name": "[oss-security] 20111121 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/22/6" }, { "name": "HPSBGN02970", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and \"updating a negative key into a fully instantiated key.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[linux-kernel] 20111115 [PATCH] KEYS: Fix a NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2011/11/15/363" }, { "name": "50755", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50755" }, { "name": "USN-1328-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1328-1" }, { "name": "USN-1344-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1344-1" }, { "name": "[oss-security] 20111122 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/22/5" }, { "name": "[oss-security] 20111121 CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/21/19" }, { "name": "USN-1324-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1324-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751297" }, { "name": "47754", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47754" }, { "name": "[oss-security] 20111121 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/22/6" }, { "name": "HPSBGN02970", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4110", "datePublished": "2012-01-27T15:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:50.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0050 (GCVE-0-2012-0050)
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011" }, { "name": "47755", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47755" }, { "name": "1026548", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026548" }, { "name": "78320", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "51563", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51563" }, { "name": "DSA-2392", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2392" }, { "name": "HPSBUX02737", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100747", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "47631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47631" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "47677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47677" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120118.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011" }, { "name": "47755", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47755" }, { "name": "1026548", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026548" }, { "name": "78320", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "51563", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51563" }, { "name": "DSA-2392", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2392" }, { "name": "HPSBUX02737", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100747", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "47631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47631" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "47677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47677" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120118.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0050", "datePublished": "2012-01-19T19:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:09:17.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-5029 (GCVE-0-2009-5029)
Vulnerability from cvelistv5
Published
2013-05-02 14:00
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:24:53.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2" }, { "name": "20111203 VSFTPD Remote Heap Overrun (low severity)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761245" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-02T14:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2" }, { "name": "20111203 VSFTPD Remote Heap Overrun (low severity)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761245" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-5029", "datePublished": "2013-05-02T14:00:00Z", "dateReserved": "2010-12-09T00:00:00Z", "dateUpdated": "2024-08-07T07:24:53.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0815 (GCVE-0-2012-0815)
Vulnerability from cvelistv5
Published
2012-06-04 20:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026882" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48716" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b" }, { "name": "48651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "52865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52865" }, { "name": "rpm-headerverifyinfo-code-execution(74581)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581" }, { "name": "USN-1695-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49110" }, { "name": "FEDORA-2012-5420", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "openSUSE-SU-2012:0589", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/14441362" }, { "name": "81009", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81009" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026882" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48716" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b" }, { "name": "48651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "52865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52865" }, { "name": "rpm-headerverifyinfo-code-execution(74581)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581" }, { "name": "USN-1695-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49110" }, { "name": "FEDORA-2012-5420", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "openSUSE-SU-2012:0589", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/14441362" }, { "name": "81009", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81009" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "RHSA-2012:0531", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "MDVSA-2012:056", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056" }, { "name": "1026882", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026882" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=744104", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104" }, { "name": "http://rpm.org/wiki/Releases/4.9.1.3", "refsource": "CONFIRM", "url": "http://rpm.org/wiki/Releases/4.9.1.3" }, { "name": "48716", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48716" }, { "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b", "refsource": "CONFIRM", "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b" }, { "name": "48651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48651" }, { "name": "RHSA-2012:0451", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html" }, { "name": "FEDORA-2012-5421", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html" }, { "name": "52865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52865" }, { "name": "rpm-headerverifyinfo-code-execution(74581)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581" }, { "name": "USN-1695-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1695-1" }, { "name": "openSUSE-SU-2012:0588", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14440932" }, { "name": "49110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49110" }, { "name": "FEDORA-2012-5420", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html" }, { "name": "FEDORA-2012-5298", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html" }, { "name": "openSUSE-SU-2012:0589", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14441362" }, { "name": "81009", "refsource": "OSVDB", "url": "http://www.osvdb.org/81009" }, { "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6", "refsource": "CONFIRM", "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0815", "datePublished": "2012-06-04T20:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0864 (GCVE-0-2012-0864)
Vulnerability from cvelistv5
Published
2013-05-02 14:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "52201", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52201" }, { "name": "RHSA-2012:0393", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html" }, { "name": "RHSA-2012:0397", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-02T14:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2012:0531", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" }, { "name": "52201", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52201" }, { "name": "RHSA-2012:0393", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html" }, { "name": "RHSA-2012:0397", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e" }, { "name": "RHSA-2012:0488", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" }, { "name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.phrack.org/issues.html?issue=67\u0026id=9#article" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0864", "datePublished": "2013-05-02T14:00:00Z", "dateReserved": "2012-01-19T00:00:00Z", "dateUpdated": "2024-08-06T18:38:14.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3597 (GCVE-0-2011-3597)
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2011:1797", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743010" }, { "name": "MDVSA-2012:009", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:009" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "oval:org.mitre.oval:def:19446", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446" }, { "name": "MDVSA-2012:008", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "name": "RHSA-2011:1424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "46279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46279" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes" }, { "name": "49911", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49911" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2011:1797", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743010" }, { "name": "MDVSA-2012:009", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:009" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "oval:org.mitre.oval:def:19446", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446" }, { "name": "MDVSA-2012:008", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "name": "RHSA-2011:1424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "46279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46279" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes" }, { "name": "49911", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49911" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3597", "datePublished": "2012-01-13T18:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0014 (GCVE-0-2011-0014)
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:02.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0361" }, { "name": "SSA:2011-041-04", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "70847", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "ADV-2011-0399", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0399" }, { "name": "RHSA-2011:0677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0677.html" }, { "name": "43301", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43301" }, { "name": "oval:org.mitre.oval:def:18985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "ADV-2011-0387", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0387" }, { "name": "43286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43286" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "DSA-2162", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2162" }, { "name": "ADV-2011-0395", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0395" }, { "name": "NetBSD-SA2011-002", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc" }, { "name": "USN-1064-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1064-1" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "43227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43227" }, { "name": "ADV-2011-0389", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0389" }, { "name": "MDVSA-2011:028", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:028" }, { "name": "FEDORA-2011-1273", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html" }, { "name": "46264", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46264" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02689", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20110208.txt" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44269" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "43339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43339" }, { "name": "SSRT100494", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2" }, { "name": "ADV-2011-0603", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0603" }, { "name": "1025050", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025050" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K10534046" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \"OCSP stapling vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-27T17:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2011-0361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0361" }, { "name": "SSA:2011-041-04", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "70847", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4723" }, { "name": "ADV-2011-0399", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0399" }, { "name": "RHSA-2011:0677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0677.html" }, { "name": "43301", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43301" }, { "name": "oval:org.mitre.oval:def:18985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985" }, { "name": "APPLE-SA-2011-06-23-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" }, { "name": "ADV-2011-0387", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0387" }, { "name": "43286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43286" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "DSA-2162", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2162" }, { "name": "ADV-2011-0395", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0395" }, { "name": "NetBSD-SA2011-002", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc" }, { "name": "USN-1064-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1064-1" }, { "name": "SSRT100475", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "HPSBMA02658", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "SSRT100413", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" }, { "name": "43227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43227" }, { "name": "ADV-2011-0389", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0389" }, { "name": "MDVSA-2011:028", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:028" }, { "name": "FEDORA-2011-1273", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html" }, { "name": "46264", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46264" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02689", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20110208.txt" }, { "name": "44269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44269" }, { "name": "HPSBOV02670", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "name": "43339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43339" }, { "name": "SSRT100494", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2" }, { "name": "ADV-2011-0603", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0603" }, { "name": "1025050", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025050" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K10534046" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0014", "datePublished": "2011-02-18T23:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": "2024-08-06T21:36:02.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3209 (GCVE-0-2011-3209)
Vulnerability from cvelistv5
Published
2012-10-03 10:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732878" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/f8bd2258e2d520dff28c855658bd24bdafb5102d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f8bd2258e2d520dff28c855658bd24bdafb5102d" }, { "name": "[oss-security] 20111024 kernel; CVE-2011-2942 and CVE-2011-3209", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/24/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-03T10:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732878" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/f8bd2258e2d520dff28c855658bd24bdafb5102d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f8bd2258e2d520dff28c855658bd24bdafb5102d" }, { "name": "[oss-security] 20111024 kernel; CVE-2011-2942 and CVE-2011-3209", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/24/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3209", "datePublished": "2012-10-03T10:00:00Z", "dateReserved": "2011-08-19T00:00:00Z", "dateUpdated": "2024-08-06T23:29:56.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0394 (GCVE-0-2012-0394)
Vulnerability from cvelistv5
Published
2012-01-08 15:00
Modified
2024-08-06 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:30.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "name": "31434", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/31434" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "78276", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/78276" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-10T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "name": "31434", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/31434" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "78276", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/78276" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "refsource": "MISC", "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "name": "http://struts.apache.org/2.x/docs/s2-008.html", "refsource": "MISC", "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "name": "18329", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "name": "31434", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/31434" }, { "name": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "78276", "refsource": "OSVDB", "url": "http://www.osvdb.org/78276" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0394", "datePublished": "2012-01-08T15:00:00", "dateReserved": "2012-01-08T00:00:00", "dateUpdated": "2024-08-06T18:23:30.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0393 (GCVE-0-2012-0393)
Vulnerability from cvelistv5
Published
2012-01-08 15:00
Modified
2024-09-16 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:30.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "47393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47393" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-01-08T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18329", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "47393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47393" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18329", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18329" }, { "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "name": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "refsource": "CONFIRM", "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "name": "http://struts.apache.org/2.x/docs/s2-008.html", "refsource": "CONFIRM", "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "name": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "name": "47393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47393" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0393", "datePublished": "2012-01-08T15:00:00Z", "dateReserved": "2012-01-08T00:00:00Z", "dateUpdated": "2024-09-16T22:24:46.401Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…