Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2013-AVI-340
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Apple OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à OS X Mountain Lion 10.8.4
Impacted products
Vendor | Product | Description |
---|
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [], "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mountain Lion 10.8.4\u003c/P\u003e", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2013-0982", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0982" }, { "name": "CVE-2012-0050", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050" }, { "name": "CVE-2013-0984", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0984" }, { "name": "CVE-2013-0277", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0277" }, { "name": "CVE-2013-1856", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1856" }, { "name": "CVE-2011-3210", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210" }, { "name": "CVE-2013-1855", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1855" }, { "name": "CVE-2013-0276", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0276" }, { "name": "CVE-2011-4619", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619" }, { "name": "CVE-2013-0985", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0985" }, { "name": "CVE-2012-2110", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110" }, { "name": "CVE-2011-4576", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576" }, { "name": "CVE-2011-4577", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577" }, { "name": "CVE-2013-0983", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0983" }, { "name": "CVE-2013-0989", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0989" }, { "name": "CVE-2011-4108", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108" }, { "name": "CVE-2013-0990", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0990" }, { "name": "CVE-2013-0155", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0155" }, { "name": "CVE-2013-0986", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0986" }, { "name": "CVE-2013-0988", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0988" }, { "name": "CVE-2013-1024", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1024" }, { "name": "CVE-2013-0975", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0975" }, { "name": "CVE-2011-4109", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109" }, { "name": "CVE-2011-3207", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3207" }, { "name": "CVE-2012-5519", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5519" }, { "name": "CVE-2011-1945", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1945" }, { "name": "CVE-2013-0987", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0987" }, { "name": "CVE-2012-4929", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4929" }, { "name": "CVE-2013-1854", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1854" }, { "name": "CVE-2013-0333", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0333" }, { "name": "CVE-2012-2333", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2333" }, { "name": "CVE-2013-1857", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1857" }, { "name": "CVE-2012-2131", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131" } ], "initial_release_date": "2013-06-05T00:00:00", "last_revision_date": "2013-06-05T00:00:00", "links": [], "reference": "CERTA-2013-AVI-340", "revisions": [ { "description": "version initiale.", "revision_date": "2013-06-05T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5784 du 04 juin 2013", "url": "http://support.apple.com/kb/HT5784" } ] }
CVE-2011-1945 (GCVE-0-2011-1945)
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2011:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-8FENZ3" }, { "name": "MDVSA-2011:137", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "name": "DSA-2309", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2309" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2011:0634", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/8760466" }, { "name": "VU#536044", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/536044" }, { "name": "SUSE-SU-2011:0636", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/8764170" }, { "name": "44935", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44935" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://eprint.iacr.org/2011/232.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2011:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-8FENZ3" }, { "name": "MDVSA-2011:137", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "name": "DSA-2309", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2309" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2011:0634", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/8760466" }, { "name": "VU#536044", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/536044" }, { "name": "SUSE-SU-2011:0636", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/8764170" }, { "name": "44935", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44935" }, { "tags": [ "x_refsource_MISC" ], "url": "http://eprint.iacr.org/2011/232.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1945", "datePublished": "2011-05-31T20:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0333 (GCVE-0-2013-0333)
Vulnerability from cvelistv5
Published
2013-01-30 11:00
Modified
2024-08-06 14:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:25:09.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#628463", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "name": "DSA-2613", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2613" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "APPLE-SA-2013-03-14-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "name": "[rubyonrails-security] 20130129 Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source\u0026output=gplain" }, { "name": "RHSA-2013:0201", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html" }, { "name": "RHSA-2013:0202", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2013-0333" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "name": "RHSA-2013:0203", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-29T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "VU#628463", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "name": "DSA-2613", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2613" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "APPLE-SA-2013-03-14-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "name": "[rubyonrails-security] 20130129 Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source\u0026output=gplain" }, { "name": "RHSA-2013:0201", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html" }, { "name": "RHSA-2013:0202", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2013-0333" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "name": "RHSA-2013:0203", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0333", "datePublished": "2013-01-30T11:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:25:09.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2110 (GCVE-0-2012-2110)
Vulnerability from cvelistv5
Published
2012-04-19 17:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:07.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48942" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48942" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2012:0623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "SSRT101210", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-18035", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "48899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48899" }, { "name": "20120419 incorrect integer conversions in OpenSSL can result in memory corruption.", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html" }, { "name": "RHSA-2012:1308", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "http://cvs.openssl.org/chngview?cn=22434", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22434" }, { "name": "MDVSA-2012:060", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:060" }, { "name": "RHSA-2012:1307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "18756", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18756" }, { "name": "RHSA-2012:0518", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0518.html" }, { "name": "DSA-2454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2454" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "USN-1424-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1424-1" }, { "name": "48895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48895" }, { "name": "48847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48847" }, { "name": "http://cvs.openssl.org/chngview?cn=22439", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22439" }, { "name": "RHSA-2012:1306", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "SUSE-SU-2012:0637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "RHSA-2012:0522", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0522.html" }, { "name": "FEDORA-2012-6343", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html" }, { "name": "HPSBOV02793", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57353" }, { "name": "53158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53158" }, { "name": "HPSBUX02782", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "FEDORA-2012-6395", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html" }, { "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578", "refsource": "CONFIRM", "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" }, { "name": "SSRT100852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "48942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48942" }, { "name": "http://www.openssl.org/news/secadv_20120419.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "name": "http://cvs.openssl.org/chngview?cn=22431", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22431" }, { "name": "1026957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026957" }, { "name": "48999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48999" }, { "name": "HPSBMU02776", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "81223", "refsource": "OSVDB", "url": "http://osvdb.org/81223" }, { "name": "HPSBMU02900", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "FEDORA-2012-6403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html" }, { "name": "https://kb.juniper.net/KB27376", "refsource": "CONFIRM", "url": "https://kb.juniper.net/KB27376" }, { "name": "SSRT100844", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2110", "datePublished": "2012-04-19T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4108 (GCVE-0-2011-4108)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:49.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57260" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2011-4108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-17T16:03:43", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "57260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57260" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "SUSE-SU-2014:0320", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.paloaltonetworks.com/CVE-2011-4108" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4108", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:49.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4619 (GCVE-0-2011-4619)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4619", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:19.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1857 (GCVE-0-2013-1857)
Vulnerability from cvelistv5
Published
2013-03-19 22:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:35.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "openSUSE-SU-2014:0019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "name": "openSUSE-SU-2013:0662", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "RHSA-2013:0698", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:0661", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source\u0026output=gplain" }, { "name": "RHSA-2014:1863", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a \u0026#x3a; sequence." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "openSUSE-SU-2014:0019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "name": "openSUSE-SU-2013:0662", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "RHSA-2013:0698", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:0661", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source\u0026output=gplain" }, { "name": "RHSA-2014:1863", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a \u0026#x3a; sequence." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2013-10-22-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "openSUSE-SU-2014:0019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "name": "openSUSE-SU-2013:0662", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "RHSA-2013:0698", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:0661", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails", "refsource": "MLIST", "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source\u0026output=gplain" }, { "name": "RHSA-2014:1863", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "name": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "refsource": "CONFIRM", "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1857", "datePublished": "2013-03-19T22:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:35.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0986 (GCVE-0-2013-0986)
Vulnerability from cvelistv5
Published
2013-05-24 10:00
Modified
2024-08-06 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "oval:org.mitre.oval:def:16794", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "oval:org.mitre.oval:def:16794", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0986", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2013-05-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "http://support.apple.com/kb/HT5770", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5770" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "oval:org.mitre.oval:def:16794", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0986", "datePublished": "2013-05-24T10:00:00", "dateReserved": "2013-01-10T00:00:00", "dateUpdated": "2024-08-06T14:49:19.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4576 (GCVE-0-2011-4576)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:19.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "55069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55069" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "name": "55069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55069" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4576", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:19.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4929 (GCVE-0-2012-4929)
Vulnerability from cvelistv5
Published
2012-09-15 18:00
Modified
2024-08-06 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:18.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SSRT101139", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "name": "RHSA-2013:0587", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "DSA-2579", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2579" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/3696912" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091" }, { "name": "FEDORA-2013-4403", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html" }, { "name": "USN-1898-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1898-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromiumcodereview.appspot.com/10825183" }, { "name": "openSUSE-SU-2012:1420", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html" }, { "name": "openSUSE-SU-2013:0157", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mpgn/CRIME-poc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://news.ycombinator.com/item?id=4510829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "JVNDB-2016-000129", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html" }, { "name": "USN-1627-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1627-1" }, { "name": "DSA-2627", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2627" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/chromium/issues/detail?id=139744" }, { "name": "oval:org.mitre.oval:def:18920", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/" }, { "name": "55704", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55704" }, { "name": "USN-1628-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1628-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ekoparty.org/2012/thai-duong.php" }, { "name": "openSUSE-SU-2013:0143", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor" }, { "name": "HPSBUX02866", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "name": "JVN#65273415", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN65273415/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-21T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SSRT101139", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "name": "RHSA-2013:0587", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "DSA-2579", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2579" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/3696912" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091" }, { "name": "FEDORA-2013-4403", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html" }, { "name": "USN-1898-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1898-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromiumcodereview.appspot.com/10825183" }, { "name": "openSUSE-SU-2012:1420", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html" }, { "name": "openSUSE-SU-2013:0157", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mpgn/CRIME-poc" }, { "tags": [ "x_refsource_MISC" ], "url": "http://news.ycombinator.com/item?id=4510829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "JVNDB-2016-000129", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html" }, { "name": "USN-1627-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1627-1" }, { "name": "DSA-2627", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2627" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/chromium/issues/detail?id=139744" }, { "name": "oval:org.mitre.oval:def:18920", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920" }, { "tags": [ "x_refsource_MISC" ], "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/" }, { "name": "55704", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55704" }, { "name": "USN-1628-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1628-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212" }, { "tags": [ "x_refsource_MISC" ], "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ekoparty.org/2012/thai-duong.php" }, { "name": "openSUSE-SU-2013:0143", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor" }, { "name": "HPSBUX02866", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "name": "JVN#65273415", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN65273415/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SSRT101139", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "name": "RHSA-2013:0587", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "name": "DSA-2579", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2579" }, { "name": "https://gist.github.com/3696912", "refsource": "MISC", "url": "https://gist.github.com/3696912" }, { "name": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091", "refsource": "MISC", "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091" }, { "name": "FEDORA-2013-4403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html" }, { "name": "USN-1898-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1898-1" }, { "name": "https://chromiumcodereview.appspot.com/10825183", "refsource": "CONFIRM", "url": "https://chromiumcodereview.appspot.com/10825183" }, { "name": "openSUSE-SU-2012:1420", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html" }, { "name": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312", "refsource": "MISC", "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312" }, { "name": "DSA-3253", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html", "refsource": "MISC", "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html" }, { "name": "openSUSE-SU-2013:0157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls", "refsource": "MISC", "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls" }, { "name": "https://github.com/mpgn/CRIME-poc", "refsource": "MISC", "url": "https://github.com/mpgn/CRIME-poc" }, { "name": "http://news.ycombinator.com/item?id=4510829", "refsource": "MISC", "url": "http://news.ycombinator.com/item?id=4510829" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/", "refsource": "MISC", "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "JVNDB-2016-000129", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html" }, { "name": "USN-1627-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1627-1" }, { "name": "DSA-2627", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2627" }, { "name": "http://code.google.com/p/chromium/issues/detail?id=139744", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=139744" }, { "name": "oval:org.mitre.oval:def:18920", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920" }, { "name": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/", "refsource": "MISC", "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/" }, { "name": "55704", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55704" }, { "name": "USN-1628-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1628-1" }, { "name": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212", "refsource": "MISC", "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212" }, { "name": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512", "refsource": "MISC", "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512" }, { "name": "http://www.ekoparty.org/2012/thai-duong.php", "refsource": "MISC", "url": "http://www.ekoparty.org/2012/thai-duong.php" }, { "name": "openSUSE-SU-2013:0143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "name": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor", "refsource": "MISC", "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor" }, { "name": "HPSBUX02866", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2" }, { "name": "JVN#65273415", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN65273415/index.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=857051", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4929", "datePublished": "2012-09-15T18:00:00", "dateReserved": "2012-09-15T00:00:00", "dateUpdated": "2024-08-06T20:50:18.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1854 (GCVE-0-2013-1854)
Vulnerability from cvelistv5
Published
2013-03-19 22:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:36.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0667", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "openSUSE-SU-2013:0659", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "name": "openSUSE-SU-2013:0660", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "RHSA-2014:1863", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "name": "openSUSE-SU-2013:0664", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "name": "openSUSE-SU-2013:0668", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "name": "[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source\u0026output=gplain" }, { "name": "RHSA-2013:0699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0667", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "openSUSE-SU-2013:0659", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "name": "openSUSE-SU-2013:0660", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "RHSA-2014:1863", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "name": "openSUSE-SU-2013:0664", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "name": "openSUSE-SU-2013:0668", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "name": "[ruby-security-ann] 20130318 [CVE-2013-1854] Symbol DoS vulnerability in Active Record", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source\u0026output=gplain" }, { "name": "RHSA-2013:0699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1854", "datePublished": "2013-03-19T22:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:36.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1856 (GCVE-0-2013-1856)
Vulnerability from cvelistv5
Published
2013-03-19 22:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:35.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source\u0026output=gplain" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-22T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source\u0026output=gplain" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1856", "datePublished": "2013-03-19T22:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:35.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0983 (GCVE-0-2013-0983)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-09-16 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-05T10:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0983", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0983", "datePublished": "2013-06-05T10:00:00Z", "dateReserved": "2013-01-10T00:00:00Z", "dateUpdated": "2024-09-16T23:01:33.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0989 (GCVE-0-2013-0989)
Vulnerability from cvelistv5
Published
2013-05-24 10:00
Modified
2024-08-06 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.079Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:16831", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831" }, { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "oval:org.mitre.oval:def:16831", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831" }, { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:16831", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831" }, { "name": "APPLE-SA-2013-05-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "http://support.apple.com/kb/HT5770", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5770" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0989", "datePublished": "2013-05-24T10:00:00", "dateReserved": "2013-01-10T00:00:00", "dateUpdated": "2024-08-06T14:49:19.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0975 (GCVE-0-2013-0975)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-09-16 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-05T10:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0975", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0975", "datePublished": "2013-06-05T10:00:00Z", "dateReserved": "2013-01-10T00:00:00Z", "dateUpdated": "2024-09-16T19:52:18.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0990 (GCVE-0-2013-0990)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:20.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-05T10:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0990", "datePublished": "2013-06-05T10:00:00Z", "dateReserved": "2013-01-10T00:00:00Z", "dateUpdated": "2024-09-16T19:25:04.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3207 (GCVE-0-2011-3207)
Vulnerability from cvelistv5
Published
2011-09-22 10:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBMU02752", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "SSRT100802", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "FEDORA-2011-12233", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=21349" }, { "name": "45956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45956" }, { "name": "MDVSA-2011:137", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "name": "FEDORA-2011-12281", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087" }, { "name": "1026012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026012" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20110906.txt" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "RHSA-2011:1409", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBMU02752", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "SSRT100802", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "FEDORA-2011-12233", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=21349" }, { "name": "45956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45956" }, { "name": "MDVSA-2011:137", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "name": "FEDORA-2011-12281", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087" }, { "name": "1026012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026012" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20110906.txt" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "RHSA-2011:1409", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3207", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBMU02752", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "SSRT100802", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "FEDORA-2012-18035", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "FEDORA-2011-12233", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html" }, { "name": "http://cvs.openssl.org/chngview?cn=21349", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=21349" }, { "name": "45956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45956" }, { "name": "MDVSA-2011:137", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "name": "FEDORA-2011-12281", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=736087", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087" }, { "name": "1026012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026012" }, { "name": "http://openssl.org/news/secadv_20110906.txt", "refsource": "CONFIRM", "url": "http://openssl.org/news/secadv_20110906.txt" }, { "name": "57353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57353" }, { "name": "RHSA-2011:1409", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3207", "datePublished": "2011-09-22T10:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:56.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0984 (GCVE-0-2013-0984)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-09-16 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:18.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-05T10:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0984", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0984", "datePublished": "2013-06-05T10:00:00Z", "dateReserved": "2013-01-10T00:00:00Z", "dateUpdated": "2024-09-16T18:50:13.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1024 (GCVE-0-2013-1024)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-08-06 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:20.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-10-22-8", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-04T00:00:00", "descriptions": [ { "lang": "en", "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T19:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2013-10-22-8", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-1024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2013-10-22-8", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "name": "http://support.apple.com/kb/HT6001", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6001" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-1024", "datePublished": "2013-06-05T10:00:00", "dateReserved": "2013-01-10T00:00:00", "dateUpdated": "2024-08-06T14:49:20.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1855 (GCVE-0-2013-1855)
Vulnerability from cvelistv5
Published
2013-03-19 22:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:35.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source\u0026output=gplain" }, { "name": "openSUSE-SU-2014:0019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "name": "openSUSE-SU-2013:0662", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "RHSA-2013:0698", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:0661", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "name": "RHSA-2014:1863", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \\n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2013-10-22-5", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "name": "[rubyonrails-security] 20130318 [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source\u0026output=gplain" }, { "name": "openSUSE-SU-2014:0019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "name": "openSUSE-SU-2013:0662", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "RHSA-2013:0698", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:0661", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "name": "RHSA-2014:1863", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1855", "datePublished": "2013-03-19T22:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:35.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4109 (GCVE-0-2011-4109)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:50.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "openssl-policy-checks-dos(72129)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "name": "MDVSA-2012:006", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "openssl-policy-checks-dos(72129)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129" }, { "name": "MDVSA-2012:007", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "DSA-2390", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4109", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:50.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4577 (GCVE-0-2011-4577)
Vulnerability from cvelistv5
Published
2012-01-06 01:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBMU02786", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "openSUSE-SU-2012:0083", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "name": "SUSE-SU-2012:0084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "name": "SSRT100877", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4577", "datePublished": "2012-01-06T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2024-08-07T00:09:18.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2333 (GCVE-0-2012-2333)
Vulnerability from cvelistv5
Published
2012-05-14 22:00
Modified
2024-08-06 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.869Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "53476", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53476" }, { "name": "49116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49116" }, { "name": "SSRT100930", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "51312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51312" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "49208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49208" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SU-2012:0679", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "50768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50768" }, { "name": "49324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49324" }, { "name": "openssl-tls-record-dos(75525)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SUSE-SU-2012:0678", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "name": "1027057", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027057" }, { "name": "FEDORA-2012-7939", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "name": "HPSBUX02814", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "DSA-2475", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2475" }, { "name": "MDVSA-2012:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "name": "RHSA-2012:0699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "53476", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53476" }, { "name": "49116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49116" }, { "name": "SSRT100930", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "FEDORA-2012-18035", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "51312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51312" }, { "name": "RHSA-2012:1308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "name": "RHSA-2012:1307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "SSRT101108", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "49208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49208" }, { "name": "VU#737740", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SU-2012:0679", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "name": "RHSA-2012:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "50768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50768" }, { "name": "49324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49324" }, { "name": "openssl-tls-record-dos(75525)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "name": "HPSBOV02852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SUSE-SU-2012:0678", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "name": "1027057", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027057" }, { "name": "FEDORA-2012-7939", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "name": "HPSBUX02814", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "DSA-2475", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2475" }, { "name": "MDVSA-2012:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "name": "RHSA-2012:0699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "53476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53476" }, { "name": "49116", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49116" }, { "name": "SSRT100930", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "FEDORA-2012-18035", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" }, { "name": "51312", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51312" }, { "name": "RHSA-2012:1308", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" }, { "name": "http://cvs.openssl.org/chngview?cn=22538", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22538" }, { "name": "RHSA-2012:1307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" }, { "name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "49208", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49208" }, { "name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740" }, { "name": "SUSE-SU-2012:0679", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=820686", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820686" }, { "name": "http://cvs.openssl.org/chngview?cn=22547", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22547" }, { "name": "RHSA-2012:1306", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" }, { "name": "50768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50768" }, { "name": "49324", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49324" }, { "name": "openssl-tls-record-dos(75525)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75525" }, { "name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2" }, { "name": "SUSE-SU-2012:0678", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html" }, { "name": "http://www.openssl.org/news/secadv_20120510.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20120510.txt" }, { "name": "1027057", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027057" }, { "name": "FEDORA-2012-7939", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html" }, { "name": "http://www.cert.fi/en/reports/2012/vulnerability641549.html", "refsource": "MISC", "url": "http://www.cert.fi/en/reports/2012/vulnerability641549.html" }, { "name": "HPSBUX02814", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134919053717161\u0026w=2" }, { "name": "DSA-2475", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2475" }, { "name": "MDVSA-2012:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:073" }, { "name": "RHSA-2012:0699", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0699.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2333", "datePublished": "2012-05-14T22:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:25.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0988 (GCVE-0-2013-0988)
Vulnerability from cvelistv5
Published
2013-05-24 10:00
Modified
2024-08-06 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:20.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "oval:org.mitre.oval:def:16637", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "oval:org.mitre.oval:def:16637", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2013-05-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "oval:org.mitre.oval:def:16637", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637" }, { "name": "http://support.apple.com/kb/HT5770", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5770" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0988", "datePublished": "2013-05-24T10:00:00", "dateReserved": "2013-01-10T00:00:00", "dateUpdated": "2024-08-06T14:49:20.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0050 (GCVE-0-2012-0050)
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48528" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011" }, { "name": "47755", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47755" }, { "name": "1026548", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026548" }, { "name": "78320", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "51563", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51563" }, { "name": "DSA-2392", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2392" }, { "name": "HPSBUX02737", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100747", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "47631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47631" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "47677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47677" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120118.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48528" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:011" }, { "name": "47755", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47755" }, { "name": "1026548", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026548" }, { "name": "78320", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "51563", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51563" }, { "name": "DSA-2392", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2392" }, { "name": "HPSBUX02737", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "SSRT100747", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289" }, { "name": "47631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47631" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "SSRT100852", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "name": "47677", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47677" }, { "name": "HPSBMU02776", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120118.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0050", "datePublished": "2012-01-19T19:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:09:17.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2131 (GCVE-0-2012-2131)
Vulnerability from cvelistv5
Published
2012-04-24 20:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:064", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "USN-1428-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1428-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=22479" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20120424.txt" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48895" }, { "name": "openssl-asn1-code-execution(75099)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099" }, { "name": "48956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48956" }, { "name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/24/1" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "53212", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53212" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SU-2012:0623", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:064", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "USN-1428-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1428-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=22479" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20120424.txt" }, { "name": "DSA-2454", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "48895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48895" }, { "name": "openssl-asn1-code-execution(75099)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099" }, { "name": "48956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48956" }, { "name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/24/1" }, { "name": "SUSE-SU-2012:0637", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "HPSBOV02793", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "1026957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026957" }, { "name": "53212", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53212" }, { "name": "SSRT100844", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2131", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2012:0623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html" }, { "name": "SUSE-SU-2012:1149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2012:064", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:064" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "USN-1428-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1428-1" }, { "name": "http://cvs.openssl.org/chngview?cn=22479", "refsource": "CONFIRM", "url": "http://cvs.openssl.org/chngview?cn=22479" }, { "name": "http://www.openssl.org/news/secadv_20120424.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20120424.txt" }, { "name": "DSA-2454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2454" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "48895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48895" }, { "name": "openssl-asn1-code-execution(75099)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75099" }, { "name": "48956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48956" }, { "name": "[oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/24/1" }, { "name": "SUSE-SU-2012:0637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html" }, { "name": "HPSBOV02793", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "57353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57353" }, { "name": "HPSBUX02782", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "name": "SSRT100891", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "name": "1026957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026957" }, { "name": "53212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53212" }, { "name": "SSRT100844", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2131", "datePublished": "2012-04-24T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0277 (GCVE-0-2013-0277)
Vulnerability from cvelistv5
Published
2013-02-13 01:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1028109", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1028109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "DSA-2620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "90073", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/90073" }, { "name": "[rubyonrails-security] 20130211 Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source\u0026output=gplain" }, { "name": "openSUSE-SU-2013:0462", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "[oss-security] 20130211 Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "name": "52112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52112" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1028109", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1028109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "DSA-2620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "90073", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/90073" }, { "name": "[rubyonrails-security] 20130211 Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source\u0026output=gplain" }, { "name": "openSUSE-SU-2013:0462", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "[oss-security] 20130211 Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 [CVE-2013-0277]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "name": "52112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52112" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0277", "datePublished": "2013-02-13T01:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5519 (GCVE-0-2012-5519)
Vulnerability from cvelistv5
Published
2012-11-20 00:00
Modified
2024-08-06 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20121111 Re: Privilege escalation (lpadmin -\u003e root) in cups", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/5" }, { "name": "USN-1654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1654-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "SUSE-SU-2015:1044", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html" }, { "name": "cups-systemgroup-priv-esc(80012)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80012" }, { "name": "[oss-security] 20121111 Re: Privilege escalation (lpadmin -\u003e root) in cups", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791" }, { "name": "RHSA-2013:0580", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0580.html" }, { "name": "SUSE-SU-2015:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html" }, { "name": "[oss-security] 20121110 Privilege escalation (lpadmin -\u003e root) in cups", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/5" }, { "name": "56494", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56494" }, { "name": "openSUSE-SU-2015:1056", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20121111 Re: Privilege escalation (lpadmin -\u003e root) in cups", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/5" }, { "name": "USN-1654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1654-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "SUSE-SU-2015:1044", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html" }, { "name": "cups-systemgroup-priv-esc(80012)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80012" }, { "name": "[oss-security] 20121111 Re: Privilege escalation (lpadmin -\u003e root) in cups", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791" }, { "name": "RHSA-2013:0580", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0580.html" }, { "name": "SUSE-SU-2015:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html" }, { "name": "[oss-security] 20121110 Privilege escalation (lpadmin -\u003e root) in cups", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/5" }, { "name": "56494", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56494" }, { "name": "openSUSE-SU-2015:1056", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5519", "datePublished": "2012-11-20T00:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0987 (GCVE-0-2013-0987)
Vulnerability from cvelistv5
Published
2013-05-24 10:00
Modified
2024-08-06 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "oval:org.mitre.oval:def:16759", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "APPLE-SA-2013-05-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "oval:org.mitre.oval:def:16759", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2013-05-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" }, { "name": "oval:org.mitre.oval:def:16759", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759" }, { "name": "http://support.apple.com/kb/HT5770", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5770" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0987", "datePublished": "2013-05-24T10:00:00", "dateReserved": "2013-01-10T00:00:00", "dateUpdated": "2024-08-06T14:49:19.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0982 (GCVE-0-2013-0982)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-09-16 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-05T10:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0982", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0982", "datePublished": "2013-06-05T10:00:00Z", "dateReserved": "2013-01-10T00:00:00Z", "dateUpdated": "2024-09-16T22:35:28.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0276 (GCVE-0-2013-0276)
Vulnerability from cvelistv5
Published
2013-02-13 01:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57896", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57896" }, { "name": "52774", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52774" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "DSA-2620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "[oss-security] 20130211 Circumvention of attr_protected [CVE-2013-0276]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "name": "RHSA-2013:0686", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "name": "openSUSE-SU-2013:0462", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "90072", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/90072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "name": "52112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52112" }, { "name": "[rubyonrails-security] 20130211 Circumvention of attr_protected [CVE-2013-0276]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source\u0026output=gplain" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-06T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57896", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57896" }, { "name": "52774", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52774" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "DSA-2620", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "[oss-security] 20130211 Circumvention of attr_protected [CVE-2013-0276]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "name": "RHSA-2013:0686", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "name": "openSUSE-SU-2013:0462", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name": "90072", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/90072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "name": "52112", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52112" }, { "name": "[rubyonrails-security] 20130211 Circumvention of attr_protected [CVE-2013-0276]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source\u0026output=gplain" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0276", "datePublished": "2013-02-13T01:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0985 (GCVE-0-2013-0985)
Vulnerability from cvelistv5
Published
2013-06-05 10:00
Modified
2024-09-17 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:19.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-05T10:00:00Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2013-0985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2013-0985", "datePublished": "2013-06-05T10:00:00Z", "dateReserved": "2013-01-10T00:00:00Z", "dateUpdated": "2024-09-17T03:34:11.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3210 (GCVE-0-2011-3210)
Vulnerability from cvelistv5
Published
2011-09-22 10:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBMU02752", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "SSRT100802", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2011:137", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "1026012", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026012" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20110906.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvs.openssl.org/chngview?cn=21337" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57353" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736079" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-18T11:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBMU02752", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "name": "SSRT100802", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" }, { "name": "MDVSA-2011:137", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "1026012", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026012" }, { "name": "HPSBUX02734", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20110906.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvs.openssl.org/chngview?cn=21337" }, { "name": "57353", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57353" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736079" }, { "name": "SSRT100729", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3210", "datePublished": "2011-09-22T10:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:56.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0155 (GCVE-0-2013-0155)
Vulnerability from cvelistv5
Published
2013-01-13 22:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:1906", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "name": "RHSA-2013:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "name": "DSA-2609", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "name": "openSUSE-SU-2014:0009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2013-0155" }, { "name": "openSUSE-SU-2013:1907", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:1904", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "name": "RHSA-2013:0154", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "name": "[rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source\u0026output=gplain" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:1906", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "name": "RHSA-2013:0155", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "name": "DSA-2609", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "name": "openSUSE-SU-2014:0009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2013-0155" }, { "name": "openSUSE-SU-2013:1907", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:1904", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "name": "RHSA-2013:0154", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "name": "[rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source\u0026output=gplain" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2013:1906", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "name": "RHSA-2013:0155", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "name": "DSA-2609", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2609" }, { "name": "openSUSE-SU-2014:0009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "name": "https://puppet.com/security/cve/cve-2013-0155", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-0155" }, { "name": "openSUSE-SU-2013:1907", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "name": "http://support.apple.com/kb/HT5784", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5784" }, { "name": "APPLE-SA-2013-06-04-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "name": "openSUSE-SU-2013:1904", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "name": "RHSA-2013:0154", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "name": "[rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)", "refsource": "MLIST", "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source\u0026output=gplain" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0155", "datePublished": "2013-01-13T22:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…